Security

1. Security and Sustainability

Question 1: How is data security and backup handled at Plugnotes?

  • Short answer: Plugnotes follows robust security protocols for data backup and security.
  • Detail: Users can also export a complete copy of their data.


Question 2: Does Plugnotes guarantee the security of data transfers via FTP and API?

  • Short answer: Yes, Plugnotes uses secure connections (SFTP) for data transfers and an encrypted API.
  • Detail: Data transfers via FTP are done in secure mode (SFTP) to ensure the protection of sensitive information. In addition, all exchanges via the API are encrypted with the AES-256 algorithm to ensure end-to-end data confidentiality. Encryption keys are managed via AWS KMS.

References:

  • AES-256 encryption via AWS KMS.
  • Secure FTP connection via SFTP.


2. Security and Data Sharing

Question 1: Your terms and conditions state: "These limited rights include hosting, backing up, and possibly sharing your data. By using our Services, you grant us permission to do so. We may also work with trusted third parties and affiliates, and you authorize us to grant them permissions as necessary to facilitate the provision of our Services." Does this mean that some of our data may be shared with third parties? What are they?

  • Short answer: No, this is not a voluntary sharing of data.
  • Detail: This is a legal provision that informs you that third-party technicians may have limited access to data as part of infrastructure maintenance. These accesses are strictly controlled and used only in this context to ensure the proper functioning of the SaaS application.


Question 2: Regarding data security, even though the data is stored in Germany, is there a guarantee of backups?

  • Short answer: Yes, the data is permanently duplicated and interchangeable at any time.
  • Detail: The technologies used by Plugnotes ensure that the servers are constantly duplicated across multiple data centers. Data can be restored to a historical state going back up to 30 days. For specific recoveries, fees may apply.


Question 3: In the termination conditions it is stated that it is up to us to export the necessary data before the termination date. How does this work?

  • Short answer: Exporting data is done in one click.
  • Detail: Each form can be exported in ZIP format, ensuring quick and easy retrieval of all data before termination.


3. Account Authentication and Security

Question 1: It is stipulated that account security is ensured by password. Is two-factor authentication (MFA) provided?

  • Short answer: Yes, via SSO with Azure AD.
  • Detail: MFA (multi-factor authentication) is enabled via Azure AD Single Sign-On (SSO), allowing for a secure login, similar to Office365. This also ensures that people who are no longer part of the organization can no longer access Plugnotes.


Question 2: Information transfers can be done via FTP (unsecured protocol). Can you confirm that the stored data is encrypted as well as the transfers (end-to-end)? What encryption algorithm is used?

  • Short answer: Transfers are done via SFTP (secure connection) and not FTP.
  • Detail: Files are encrypted in AES-256, and keys are managed by AWS KMS. Storage is secured on AWS EFS with replication across at least 3 Availability Zones (AZ), ensuring end-to-end data security.


4. Technical Infrastructure

Question: What technical infrastructure does Plugnotes use to ensure stability, performance and security?

  • Short answer: Plugnotes uses a modern and secure infrastructure, based on Amazon Web Services (AWS) Cloud technologies, with high-performance web and mobile applications.
  • Detail:
      • Web: Plugnotes is developed in React JS, a fast and modern JavaScript framework for web user interfaces. This allows for optimal responsiveness and a great user experience on all modern browsers.
      • Cloud: Plugnotes data is hosted on Amazon Web Services (AWS) in data centers located in Frankfurt, offering redundancy across three data centers to ensure high availability and maximum resilience.
      • Mobile: The Plugnotes mobile application is developed in React Native, a technology for building performant mobile applications on iOS and Android, ensuring a native experience on all mobile devices.
      • Database: Data is stored in a MySQL database, which guarantees increased performance and reliability for transactions and data management.
      • Back-end: Plugnotes uses Symfony PHP for its backend, a robust solution that works with HTTPS to secure all communications between the client and the server.
      • API: Plugnotes has a REST/JSON API that allows real-time data exchanges, facilitating integration with ERP, CRM, WMS, or any other external software solution. This API guarantees smooth and secure communication via standardized protocols.

References:

  • Hosting via AWS Frankfurt.
  • React JS for web interfaces.
  • React Native for mobile applications.
  • Symfony PHP and MySQL for backend and database.
  • REST/JSON API for easy and secure integrations.
