Security Policy
$0.00

Security Policy

 

Privanz – Security Policy 

This Security Policy is subject to and incorporated into the terms of service (the “Terms”) between You and Privanz. You may access the Terms at privanz.com or by clicking here.

By agreeing to the Terms and installing, accessing or using the Services, You are agreeing to this Security Policy and the terms contained herein.

Multi-layered Security

The best way to understand the multiple levels of security is to follow the paths end-to-end:

 

Authentication

Before any initial upload occurs, you must log-in to your Privanz’s Account or Server with your credentials. This procedure is based on strong authentication rules that cover:

  • Multiple factors (minimum number of characters, required numbers of numbers, special characters or uppercase characters, restriction from using email addresses)
  • Passwords Reset
  • Audit of number of failed attempts
  • Prevention of persistent logins
  • Session expiration
  • Active Directory/LDAP integration

 

Client Access and Transit

Privanz is capable of providing access to server’s accounts through mobile browsers or specific applications (iPhones, iPads, Android phones, and desktop clients).

Depending on the Synchronization Client you choose to use, all files’ data may be encrypted first, then sent the server.

Every client has a unique private key. When a client and a server connect, they will exchange public key and negotiate a session key. This session key will be used to encrypt the data transfer using AES-128 algorithm.

If a mobile device is stolen or lost, the administrator can unsync libraries as required. You can also remove ownership from libraries or disable access to the server.

 

Permissions

Once uploaded the file inherits the permissions of the library / directory
that contains it. However, these permissions can be customized through detail access:

  • Private/public: Files uploaded are private to the library owner. You must explicitly decide to share files. Files that have been shared can be made private at any time.
  • Password protection: add a password to your share, so that users need a password to access it.
  • Notification: notifications can occur on each event share event.
  • Links: you can send a link to the file or folder; the links are unique, randomly-generate IDs. You can also set expiration times.
  • Collaboration: you can securely collaborate with others while sharing folders or files applying permissions you select.  For example, Read-Only.

 

Audits

Privanz logs all file and user activities on the application and maintains a complete audit trail of all activity within the account.

 

In Storage – Encryption

At rest, files remain encrypted on both application level and at volume-level.

  • All files’ data is encrypted by your file keys with 256-bit AES encryption. You are the only one managing these. You must never lose your passwords, because you will lose access to your files.
  • Because data is encrypted in storage, even if someone were to access, they could not see the data in the clear.
  • Privanz servers uses hypervisor virtual layers isolation. It operates by giving servers the treatment as if they are on separate physical hosts (physical RAM is separated using similar mechanisms) with no access to raw disk devices, but instead are presented with virtualized disks for your data running an AES-256 encrypted filesystem with integrated cypher feedback.
  • Your data is logically separated from other components. It resides on it’s own private network on the selected location, and it is protected with security firewalls and network access control lists (ACL’s).

 

State-of-the-Art Data Centers

Privanz uses multiple data centers to host its application architecture and data, providing essential redundancy.

All data centers are SAS-70 Type II and ISO 27018 compliant and use advanced measures for redundancy, availability, physical security and continuity. Also are participants in the EU-US Privacy Shield framework developed by the U.S. Department of Commerce and the European Union.

 

  • Availability: Each geographically separated data center have  redundancy for all critical components, including cooling systems, power, connectivity, and other essential systems. This provides high availability (HA)
  • Physical security: facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means.

If you would like further descriptions, please send your inquiry to security@privanz.com

 

HIPAA & HITECH

Privanz works in compliance to HIPAA and HITECH standards, as well as having the ability to sign HIPAA Business Associate Agreements (BAAs).

Privanz addresses regulatory compliance requirements for our Enterprise customers by implementing administrative, physical and technical safeguards that ensure confidentiality, integrity and security of your data

  • Data encryption in transit and at rest
  • Restricted physical access to production servers
  • Strict logical system access controls
  • Administrative controls granted to the customer
  • Audit trails
  • Permissions
  • Monitoring
  • Access to customer data files is highly restricted
  • Multiple facilities to mitigate disaster situations
  • 99.9% uptime SLA
  • SSAE 16 Type II

 

 

Related Information:

Legal Information

  • Terms
  • Intellectual Property

    • Policies

  • Privacy Policy
  • Copyright Policy
  • Conduct Policy
  • Security Policy

    • © 2017 Privanz Cloud. All rights reserved