As users of our own product, we understand how important the security and privacy of your data is. We are committed to providing our customers with a highly secure and reliable environment for its cloud-based application. We have therefore developed a security model that covers all aspects of cloud-based Diving.Management systems.
Please read the Security statement carefully, and if you have any questions, comments, or concerns regarding these terms, please contact us at firstname.lastname@example.org or our company contact email@example.com, or at Webase Global, 77 Camden Street Lower, D02 XE80, Dublin, Ireland. These terms are a binding contract between you and Webase Global (“Webase Global”). Diving.Management is a Platform made and managed by Webase Global Company.
The security model and controls are based on international protocols and standards and industry best practices, Security techniques- Code of practice for protection of personally identifiable information in public clouds.
As part of the company’s focus on security issues, the company security team performs on a regular basis:
Adopting an overarching management process to ensure that the information security controls continue to meet the organization’s evolving information security needs.
Our systems is hosted on Siteground infrastructure. They’ve devoted an entire portion of their site to explaining their security measures and legal statements, which you can find here: https://world.siteground.com/privacy.htm. No one other than our developers can access the data of clients and this is only done if it is necessary to solve client-related issues.
Customer data is stored only in the production environment. Developers only have approval to access user data in order to solve client requests, issues or bugs. All logs of SSH connections to our production environment are saved and archived. Attachments in your account are encrypted and delivered on a per-user-access controlled basis.
We know the data you share in Diving.Management is private and confidential. We have strict controls over our employees’ access to internal data and we are committed to ensuring that your data is never seen by anyone who should not see it. With that said, the operation of Diving.Management wouldn’t be possible without a few members having access to our databases in order to optimize performance and storage. This team is prohibited from using these permissions to view customer data without explicit, written permission from the user.
Any new feature or code that will be implemented into our system starts with an in-depth analysis of security and privacy risks. All code is saved into a git version control repository and evaluated in a test environment before deploying it into our production environment. All code is reviewed by a second developer to ensure code quality.
Security controls at Siteground data centers are based on standard technologies and follow the industry’s best security practices. The physical security controls are constructed in such a way as to eliminate the effect of single points of failure and retain the resilience of the computing center.
A variety of environmental controls are implemented at the data center facilities.
Diving.Management ensures the security and privacy of user information by encrypting data on all servers at rest and in transit.
Our systems are designed to ensure data is protected at all times. Specifically, we’re using TLS v1.2 with strong ciphers to protect data in transit, and AES-256 to encrypt data at rest. User passwords are hashed and salted with a modern hash function.
Diving.Management’s cloud-based solution is deployed using Siteground, enabling us to guarantee high security through utilizing a series of high tech, best in the industry solutions that work to ensure the safety of all user data on the Siteground network.
We work closely with industry leaders in web app and infrastructure security who perform penetration tests and audits of Diving.Management. We monitor our product for security vulnerabilities automatically as the product grows.
Diving.Management monitors servers to retain and analyze a comprehensive view of the security state of its production infrastructure.
Diving.Management collects and stores production servers logs for analysis. Logs are stored and indexed in a separate network.
We consistently backup the data of our customers. Critical data is backed up every 5 minutes, and non-critical data on a daily basis. Backups are encrypted and distributed to various locations, where they are retained for 25 days.
Diving.Management realizes that the malicious activities of an insider could have an impact on the confidentiality, integrity, and availability of all types of data and has therefore formulated policies and procedures concerning the hiring of IT administrators or others with access to important and crucial systems. Diving.Management has also formulated policies and procedures for the ongoing periodic evaluation of IT administrators or others with system access. User permissions are continuously updated and adjusted so when a user’s job no longer involves infrastructure management, the user’s console access rights are immediately revoked.
In order to help ensure that Diving.Management employees are aligned with the security practices and aware of their duties. Our engineering and operation teams keep their skills up to date regarding security best practices. We have coded many different online systems and are experienced in infrastructure security and systems security.