Security at Efelya
Your personal data security is our top priority at EFELYA. We do understand that your app profile may contain highly sensitive personal data. Therefore, every day we do our best to implement industry best practices and standards.
Legal compliance
EFELYA is committed to ensuring the security and protection of personal data following the requirements of the EU General Data Protection Regulation, California Consumer Privacy Act and other regulations.
3rd party audits
We regularly conduct audits with the assistance of well-known third-party agencies to screen and enhance our internal security processes and policies.
Physical and environmental security
EFELYA complies with the highest industry standards for physical, environmental, and hosting controls. EFELYA data centers handled by COREYE are designed and approved to securely host medical data.
Product security
Servers and networking
We use COREYE to host all production environments. COREYE is designed to help us build a secure, high-performing, resilient, and efficient infrastructure for our application. They are secure by design, certified by the Haute Autorité des Données de Santé in France. All our production servers are immutable, continuously patched Docker-based systems. To secure communication over the network, we use HTTPS, encrypted with TLS (Transport Layer Security).
Storage & Encryption
EFELYA stores all data such as metadata, activity, original files, and customer data in different places. All data is encrypted in each place.
End-user sensitive data is removed from logs, and EFELYA engineers have no access to this data.
Isolated environments
The Production network is isolated from other Staging, Development, and Infrastructure environments.
Customer payment data
All payments are processed by the App Store, Google Play or Stripe, which take full responsibility for payment security. Efelya doesn’t store any credit card information.
Secure by design
EFELYA engineers leverage best product development techniques that adhere to industry standards, such as having documented development and quality assurance processes. Guided by the security principles of confidentiality, integrity, and availability, we design our app to reduce the risk of mistakes that introduce vulnerabilities.
Service levels and backups
EFELYA infrastructure utilizes many layered techniques for increasingly reliable uptime, including the use of auto-scaling, load balancing, task queues, and rolling deployments. We do full daily automated backups of our databases. All backups are encrypted.
System monitoring and alerting
At EFELYA, the production application and underlying infrastructure components are monitored 24/7/365 by dedicated monitoring systems. Critical alerts generated by these systems are sent to 24/7/365 on-call service owners and escalated appropriately to operations management.
Vulnerability (penetration) testing
EFELYA performs regular penetration tests conducted by industry-leading cybersecurity red teaming companies for network configuration, infrastructure, and application layers. This vulnerability testing includes the use of commonly known web application security toolkits and scanners to identify application vulnerabilities before they are released into production.
Incident Response and Data Breach notification
EFELYA has established a process describing the actions to be taken once EFELYA becomes aware of any type of event categorized as an Incident, including a Personal Data Breach, in accordance with international guidelines and regulations.
Security as part of Efelya corporate culture
EFELYA personnel and contractors are provided with security awareness education and are trained to perform their information security-related duties and responsibilities consistent with related policies, procedures, and agreements at least once per year. The EFELYA security team continuously reviews, updates, tests, maintains and improves corporate security and privacy programs.