Protecting your data is our highest priority. Discover how we keep your data and the data of your users secure with state-of-the-art security practices.
We require all employees and contractors to sign a confidentiality agreement and comply with our cybersecurity policy.
We review our cybersecurity policy every quarter and train our team on security regularly.
We enforce a device management policy (password strength and rotation, lock screen when leaving the desk, disk encryption, remote lock).
Our employees and freelancers must report all actual or suspected IT security incidents.
By default, our employees and freelancers don't have access to user data. Exceptions can be made for customer support.
Our service is built using the Amazon Web Services (AWS) cloud. AWS offers robust security mechanisms to protect our infrastructure.
Our networking infrastructure (routers, load balancers, DNS servers, ...) is all managed by AWS.
All communications are performed through end-to-end HTTPS encryption.
Access to our network is strictly controlled using a VPN with network access control lists (ACLs) and IP whitelisting.
Our inbound and outbound network traffic is monitored and controlled using firewalls and IP whitelisting.
We are using an industry-leading solution to mitigate our risk of Distributed Denial of Service (DDoS) attacks.
We are using solutions to monitor the performance of our platform and log errors in our service.
We commit to full transparency on all outages and service degradation. You can follow our system status in real time on our public status page.
We are using separate environments for testing and production.
Your data belongs to you. We don't resell or re-use your data or survey data that we collected on your behalf in any way.
Your personal data and all data we collect on your behalf from your users are safely stored in our AWS cloud in the US-EAST-2 data center.
All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS 1.2). All our user data is encrypted at rest using the AES 256-bit encryption algorithm.
We are anonymizing data as much as possible when sending it to our sub-processors.
As a European company, we are fully GDPR compliant (see below). When personal data is transferred outside the European Union, we ensure that the level of protection guaranteed by the GDPR is not undermined and that adequate safeguards for the protection of personal data are provided.
Traditionally, Refiner has had an uptime of 99.9% or higher. One of our top priorities is to provide uninterrupted services at all times. You can follow our system status in real time on our public status page.
We are following OWASP security best practices to protect our solution.
We are strictly controlling who has access to our source code.
We are restricting access to production data to authorized staff members only and protecting it by 2FA, VPN access, and IP whitelisting.
We are reviewing our code systematically for security vulnerabilities. We welcome responsible disclosure of vulnerabilities.
We are monitoring and updating our dependencies to make sure none of them has known vulnerabilities.
GDPR is a regulation that has been in place in the EU since 2018. The goal of this regulation is to protect the data of users of internet services.
In addition to our Privacy Policy and Terms of Service, we also provide a GDPR-specific Data Processing Agreement. Please contact us to receive an executed copy for your organization.
We don't store any payment information and don't process payments on our own infrastructure.
We are using Stripe and Chargebee for all payment-related matters. Stripe and Chargebee are both PCI-compliant services.