We’ve gone through numerous security assessments with our customers, and we know that security matters for a high-quality B2B SaaS. This page shows a selection of questions around the security of SIGNL4. We cannot provide all (sensitive) details here but are happy to share further information on request or as part of an approval process.
SIGNL4 is fully GDPR compliant. Our European Data Center is in Amsterdam, Netherlands (Microsoft Azure Data Center).
For best GDPR compliance and for customers in the European Union, we do provide a full data processing agreement which can be examined here and, if needed, signed electronically.
You can find our data privacy policy here.
SIGNL4 is hosted on Microsoft Azure. Azure data centers hold various certifications including SOC 2. Read more here.
Storage of SIGNL4 data in Azure is encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant.
Service connectivity is secured via SSL (REST) and TLS (SMTP). We also encrypt communication between our node-clusters and internal applications based on TLS 1.2.
We encrypt/hash certain content like service passwords and 3rd party tool service account passwords and compare only hashed data. Certain logical operations on content, like the keyword matching algorithm, however require processing of the decrypted data.
Authentication of the mobile app is token-based and data are automatically erased from the mobile device if no valid authentication is provided. The authentication against external providers like Microsoft Azure AD is also based on tokens. Please, contact us in case you require more details.
SIGNL4 is hosted in a European (EU) data center of Microsoft Azure.
Yes, we have continuous DAST (Dynamic Application Security Testing) running, using a commercial tool on at least a weekly basis. We can provide you with reports as part of a security assessment.
We also perform SAST (Static Application Security Testing) as well as SCA (Source Code Analysis) testing. Manual penetration testing will be conducted shortly.
Yes, of course. The SIGNL4 cluster is protected by a commercial firewall.
We do not enforce a TLS version but do support TLS 1.2.
Yes. You have full control over your data. If you choose to delete your account, we delete all your data. We fully operate under European GDPR.
As long as your account is active, we retain your data. We retain notification/message/event data up to 12 months, depending on your subscription plan.
Yes. First of all, SIGNL4 is a multi-node cluster application with inherent high availability and failover. Our DR also includes daily off-site backups, resulting in an RPO (Recovery Point Objective) of 24 hours. We also use 3rd party services and try to make sure those meet or exceed our own availability goals.
You can track our uptime of close to 99.99% here: https://status.signl4.com
SIGNL4 is a public SaaS. So, we’ve implemented logical data segregation in our code based on client and API keys. This prevents access to any data except your own, including through our API.
Yes. API keys and passwords (customer login) are stored in hashed format. API keys are only shown once to the user upon creation.
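The two statements above (tenant-level logical data segregation keyed on the client and API key, and API keys that are stored only as a hash and shown once at creation) describe a common pattern. The following is an added illustration written for this page, not SIGNL4's own code or schema: it keeps an in-memory key store (constructed stand-in for a database), stores only a SHA-256 hash of the secret part of each key, compares hashes in constant time, and resolves every data lookup through the tenant the key belongs to, so a record id from another tenant cannot be read. All names, the key format and the sample alerts are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class ApiKeyRecord:
    key_id: str       # public, non-secret lookup identifier (part before the ".")
    tenant_id: str    # the customer/team the key belongs to
    secret_hash: str  # SHA-256 hex digest of the secret part; the secret itself is never stored


class TenantScopedApiKeyStore:
    """Constructed stand-in for a database: key records plus per-tenant alert data."""

    def __init__(self) -> None:
        self._keys: Dict[str, ApiKeyRecord] = {}
        self._alerts: Dict[str, List[dict]] = {}   # tenant_id -> alerts

    @staticmethod
    def _hash(secret: str) -> str:
        # API keys are random, high-entropy strings, so a fast hash is adequate here;
        # user-chosen passwords would need a slow, salted hash (e.g. Argon2 or bcrypt).
        return hashlib.sha256(secret.encode("utf-8")).hexdigest()

    def create_key(self, tenant_id: str) -> str:
        """Create a key for a tenant and return the full key exactly once.

        There is deliberately no method that returns the full key later: only the
        hash is retained, so a later database read cannot recover the secret.
        """
        key_id = secrets.token_hex(8)          # hex only, so it never contains "."
        secret = secrets.token_urlsafe(32)     # URL-safe alphabet, also never contains "."
        self._keys[key_id] = ApiKeyRecord(key_id, tenant_id, self._hash(secret))
        return f"{key_id}.{secret}"

    def authenticate(self, presented_key: str) -> Optional[str]:
        """Return the owning tenant_id if the key is valid, otherwise None."""
        key_id, sep, secret = presented_key.partition(".")
        record = self._keys.get(key_id)
        if not sep or record is None:
            return None
        # Constant-time comparison of digests avoids leaking how many leading bytes matched.
        if not hmac.compare_digest(record.secret_hash, self._hash(secret)):
            return None
        return record.tenant_id

    def _require_tenant(self, presented_key: str) -> str:
        tenant_id = self.authenticate(presented_key)
        if tenant_id is None:
            raise PermissionError("invalid API key")
        return tenant_id

    def add_alert(self, tenant_id: str, alert: dict) -> str:
        """Store an alert for a tenant (server-side ingestion); returns a globally unique id."""
        alert_id = secrets.token_hex(4)
        self._alerts.setdefault(tenant_id, []).append({"id": alert_id, **alert})
        return alert_id

    def list_alerts(self, presented_key: str) -> List[dict]:
        """Every read is scoped by the tenant derived from the key, never by caller-supplied tenant."""
        tenant_id = self._require_tenant(presented_key)
        return list(self._alerts.get(tenant_id, []))

    def get_alert(self, presented_key: str, alert_id: str) -> Optional[dict]:
        """Look up an alert id only inside the caller's own tenant partition.

        A valid id belonging to another tenant yields None, the same result as a
        non-existent id, so the API does not reveal that the record exists.
        """
        tenant_id = self._require_tenant(presented_key)
        for alert in self._alerts.get(tenant_id, []):
            if alert["id"] == alert_id:
                return dict(alert)
        return None


def demo() -> bool:
    """Two tenants, one key each; shows that a key only ever reaches its own tenant's data."""
    store = TenantScopedApiKeyStore()
    key_a = store.create_key("tenant-a")
    key_b = store.create_key("tenant-b")
    alert_a = store.add_alert("tenant-a", {"title": "disk full on web-01"})   # constructed sample
    store.add_alert("tenant-b", {"title": "database unreachable"})          # constructed sample
    own_view = [a["title"] for a in store.list_alerts(key_a)]
    cross_tenant = store.get_alert(key_b, alert_a)   # B presents A's alert id
    return own_view == ["disk full on web-01"] and cross_tenant is None


if __name__ == "__main__":
    print("segregation holds:", demo())
```

The point of the structure is that the tenant is never taken from the request body or URL; it is derived from the authenticated key, and every query is filtered by it first. Combined with storing only the hash, a leaked copy of the key table does not by itself let anyone call the API as a customer.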
We have a wide range of policies (TOMs – technical and organizational measures) in place, ranging from physical access control, digital access rights control, multi-factor authentication and so on. Please, refer to our Data Processing Agreement for more details.
We currently support MFA (multi-factor authentication) through Microsoft Azure AD, Google and Apple authentication if you enable MFA with these providers. For our custom login, we have plans to implement MFA.