We respect your privacy and are committed to protecting all your data by keeping it secure.
- All of our services run in the cloud. UTOPIA does not operate its own routers, load balancing systems, DNS servers or physical servers.
- AWS is a hosting service certified to rigorous and internationally recognized standards and codes of conduct: ISO/IEC 27001:2013, 27017:2015 and 27018:2014.
- All of our services and data are hosted at Amazon Web Services (AWS) facilities in Europe.
- All our infrastructure resides in the AWS / Ireland data center (eu-west-1 availability zone).
- All of our servers are within our virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from accessing our internal network.
- UTOPIA uses the MongoDB Atlas backup solution for datastores containing customer data. We take 1 full snapshot of the data every 6 hours and make it available for 4 days. We also take a daily snapshot that we make available for 7 days, a weekly snapshot that we make available for 4 weeks and finally a monthly snapshot that we make available for 12 months.
- Our team implements all procedures and best practices necessary to achieve and guarantee a 100% system availability rate (SLA).
- However, the real guaranteed up-time is 99.99%. This % excludes all planned service interruptions for the release of new features, malfunction corrections and system optimizations.
Data and the right to be forgotten
- All customer data is stored in Europe.
- Customer data is stored in multi-tenant databases. We do not have individual databases for each customer. However, there are careful privacy controls in the application code designed to ensure the confidentiality of data and prevent one client from accessing the data of others. We have written many unit and integration tests to ensure that these controls work as intended. These tests are run every time the code is updated and even in the face of a single failure the new code is not released into production.
- The data are the property of the customer who, at the end of the contract, can at any time export them in CSV format.
- UTOPIA guarantees the right tobe forgotten. Autonomously and without the need for intervention by our staff, customers can destroy their data from our systems (including backups) at any time. For security reasons only the owner of a domain has access to this functionality from the Settings menu of his account.
- All data sent to or from UTOPIA is encrypted during transit using 256-bit encryption.
- Our APIs and application endpoints use only TLS / SSL protocols.
- UTOPIA is 100% served on https.
- The authentication is based on single factor and requires the insertion of a password that respects the following criterion of robustness: minimum 10 alphabetical characters, at least 1 character between !$%&?@#, a number and a capital letter.