How do we ensure your data protection?
At octobox.co we deeply care about our users’ data security. We realize it is essential to earn your trust, which is why we do what we can to make Octobox the safest place possible.
We implement a variety of security measures to maintain the safety of all personal information you provide us with.
In this Safety & Security section you will find information on how we protect your data and how the servers that process it are protected.
Excluding off-site backup, Octobox is hosted on our own GoDaddy dedicated servers with hourly dedicated backups. Our servers are based in Europe and Canada.
2. Sensitive/credit information security
Your account is protected by a password for your privacy and security. You are responsible for preventing unauthorized access to your Octobox account and all the personal information by selecting and protecting your password appropriately, and by limiting access to your computer or device and browser by signing off after you finish accessing your account. We outsource payment processing to ensure the highest standard of safety. We decided to use Braintree, one of the leading solutions for payment collection.
To assure the safety of your sensitive/credit information, we use a secure server. All supplied sensitive/credit information is transmitted via Secure Sockets Layer (SSL, a technology which ensures privacy by generating an encrypted link between web server and browser) and then encrypted into our payment gateway provider's database, where it is accessible only to those authorized with special access rights to such systems, who are required to keep the information confidential.
After a transaction, your private information (credit cards, passwords, financials, etc.) will not be stored on our servers.
3. Passwords at Octobox.co
All passwords to Octobox accounts are protected with RSA 2048 encryption. Our personnel are unable to access your email account passwords, unless you explicitly share such data with them.
To make sure your information is transmitted via SSL, you should always see a green closed padlock by the HTTPS connection in your URL bar.
4. Backups & infrastructure security
a. triple encrypted data backup;
b. protection against DDoS attacks;
d. private IP addresses.
Database dumps take place every hour and the data stored on WWW hosting is copied every 6 hours in order not to lose any of the data provided by our users.
We want to minimize the situations in which the data a user is adding to Octobox is not saved due to a sudden update of the infrastructure, which is why infrastructure updates take place only when necessary.
What is more, the Octobox team makes sure that all additional actions are taken to maintain a secure infrastructure and application environment, which is why we cooperate with a group of experienced admins who monitor system activity 24 hours a day, 7 days a week. We have implemented an effective disaster procedure that ensures that we are able to detect and recover data in case of most errors.
Physical security of servers & data centers
The data centres are under 24/7 security, constant maintenance, constant registered monitoring, and movement detection. All areas are protected with fences equipped with barbed wire, which enables only authorized personnel to enter the data centres and react immediately to any emergencies.
We take the safety of your information very personally, which is why we work within and implement the regulations of the ISO 27001 data safety management system on a daily basis. Currently, we are in the process of confirming our actions to maintain security and safety of our users’ data by having them certified.
System status security
We are extremely proud of the very small number of incidents that have caused any breaks in access to Octobox. We are not ashamed of any difficulties occurring in the past, which is why we keep the history of our system status open to the public.
However, in case of any issues in the future, we make sure to constantly monitor the status of our system and inform our users of any problems. You can look at the current status of the system on our System Status page and even subscribe to email updates, which will inform you of any issues or planned maintenance breaks if they ever take place.
Disaster Recovery Policy
This policy explains a baseline disaster recovery plan and timeline implemented by Octobox. It shall guarantee transparent and reliable system functioning. This policy shall have an informative character for all customers (when it comes to risk assessment and data safety).
This policy applies to the Octobox application available via https://app.octobox.co/login and shall affect data stored by Octobox.co once aggregated through the application. This policy details the strategy Octobox has put in place, and maintains, to risk assess Disaster Recovery (DR) requirements and to develop, implement and regularly test the solution aimed at providing an appropriate response for each service depending on its identified criticality.
For the purpose of this Policy, disaster shall mean a serious incident that cannot be managed within the scope of Octobox’s normal working operations.
Octobox uses security measures which ensure a high standard of data safety. Our disaster recovery is based upon the operational ability of the vendor which delivers servers, administrators' monitoring and in-house procedures.
The Octobox application shall be under constant monitoring and control checks concerning working fluency. We ensure that our Dev team shall maintain it and react if necessary in case of downtime. Furthermore, our day-to-day network checks are performed by external Administrators who ensure secure backup storage and perform tests concerning data restoration. We create a backup every 6 hours to secure data.
If there is anything that affects the functionality of our application, Octobox shall update its status or notify customers, provided that there is such a technical and business possibility, and inform them about the foreseeable time of recovery and damage restoration.
If you need any precise information that may address your risk assessment needs, feel free to contact our Data Protection Officer via firstname.lastname@example.org.
All the data you provide us with will be processed by:
Prospectr Ltd T/A Octobox
15 Neptune Court
Transaction data, including personal data, can be transferred for the benefit of:
Stripe Inc, 510 Townsend Street
San Francisco, CA 94103, USA
on terms that will be beneficial to the service connected to order payments.