Data security policy

Best-in-class Security

When you sign up for Nutcache, you automatically benefit from the most advanced technology for Internet security available today. We use the same 256-bit SSL encryption and physical security that banks use, which helps prevent account theft. Our practices are monitored and verified by Trust Guard and GoDaddy. In addition, our organization goes through security audits on a regular basis to make sure we conform to and maintain the highest effective security standards.

Daily Backups

We understand that the data you enter into Nutcache is vital to the operation of your business, so reliable systems back up the entire database several times a day to secured servers located in a secure location ensuring that, even in the event of a catastrophe, your information will be safe and your records can be quickly restored.

Secured Data

1. Purpose

At Nutcache, we understand that the security of your data is of utmost importance. This Data Security Policy outlines the measures we have implemented to ensure the confidentiality, integrity, and availability of client data. By maintaining rigorous security standards, Nutcache is committed to safeguarding the sensitive information entrusted to us.

2. Scope

This policy applies to all systems, employees, contractors, and third parties who have access to Nutcache’s information systems and client data.

3. Data Center Security

3.1 Ownership and Location

  • Nutcache is the sole owner of its data center, located in Laval, Quebec, with a redundant replication site in Toronto for enhanced data availability and disaster recovery.
  • Our servers are located across 280 secure units in Laval.

3.2 Physical Security

  • The data center building is secured with:
    • Bullet-proof windows.
    • Access control systems: Unique access codes are required for each department, ensuring that only authorized personnel can access sensitive areas.
    • Hospital-grade power generators to provide uninterrupted power supply, ensuring continuous operation even in adverse conditions.

3.3 Network Security

  • Fiber optics connectivity is deployed across all three points of entry, providing fast and secure data transmission.
  • SSL Security Compliance: All data transmitted between our clients and Nutcache systems is encrypted using the latest SSL protocols to prevent interception and unauthorized access.

3.4 Redundancy and Business Continuity

  • Redundancy is integrated into every aspect of our infrastructure, including servers, network equipment, and power supplies, to guarantee data availability and prevent downtime.
  • The replication site in Toronto ensures that data is continuously synchronized and readily available in case of a disaster at the primary site.

4. Data Hosting and Compliance

  • All client data is hosted exclusively in Canada, which ensures that it is not subject to US regulations, including the Patriot Act or CLOUD Act.
  • Nutcache adheres to all Canadian data protection laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

5. Data Security and Privacy

5.1 Data Integrity and Confidentiality

  • Nutcache controls every aspect of the data security chain, ensuring end-to-end security for client information.
  • Advanced encryption techniques are used to protect data at rest and in transit.

5.2 Access Control and Authentication

  • Role-based access controls ensure that employees and contractors have access only to the data necessary for their job functions.

5.3 Monitoring and Logging

  • Continuous monitoring of systems and networks is performed to detect and respond to any unauthorized access or unusual activity.
  • Detailed logging is maintained for all access and changes to critical systems and data.

6. Security Audits and Compliance

  • Nutcache is subjected to periodic security audits conducted by independent third-party security firms to evaluate the effectiveness of our security controls.
  • Any vulnerabilities identified are promptly addressed following industry best practices and guidelines.

7. Incident Response and Breach Notification

  • A comprehensive incident response plan is in place to quickly identify, contain, and remediate security incidents.
  • Clients will be notified promptly of any data breach that may affect their personal or business information.

8. Employee Training and Awareness

  • Regular security awareness training is provided to all employees to ensure they are aware of data security best practices and emerging threats.
  • Employees are required to adhere to Nutcache’s confidentiality and data security policies.

9. Policy Review and Updates

This policy is reviewed at least annually or whenever there are significant changes to our infrastructure, regulatory requirements, or business processes. Updates will be communicated to all stakeholders, including clients and employees.

10. Attachment Storage

In addition, Nutcache uses OVH to securely store attachments uploaded by Nutcache users within their respective organizations. With more than 1,000,000 customers worldwide, 17 data centers in 17 countries and over 18 million hosted web applications, OVH is considered the 3rd largest Internet hosting company in the world. To learn more about OVH’s security and GDPR compliance, click here.

Software Security

The Nutcache application including your data rests securely behind best-in-class multiple-level firewalls. Accessing your Nutcache application requires a username and password. Passwords are securely stored and never transmitted openly, online or by email. If you forget your password, Nutcache will generate a new one for you.

Need More Info?

For any questions or concerns regarding this Data Security Policy, please contact:

Nutcache Security Team
Address: 1270, Dagenais Boul. West, Laval, Quebec, Canada
Email: [email protected]
Phone: 1 (855) 724-6821.

Acknowledgment

By using Nutcache services, clients acknowledge and agree to the terms outlined in this Data Security Policy. Nutcache reserves the right to update this policy as needed to enhance our security measures and comply with regulatory requirements.