Transparency

Honesty is one of our three core values. And saying that we are honest is one thing, but doing it is another. On this page, we therefore want to do what we say we do. We consider this transparency and honesty.

Security & Privacy

Security and privacy are our top priority; that is what we say we do, so we must do it ourselves. Below you will find an overview of security tests and our explanation of them. We have applied all improvement suggestions from all test sites where technically possible.

Security Rating

Our partner SecurityScorecard gives us a score of A on our entire public digital footprint. In terms of Network Security, DNS Health, Patch Management, IP Reputation, and Application Security we score an A.

The security score from SecurityScorecard can be viewed live here or downloaded here.

Doing business with us means a 5 times smaller chance of a breach or data leak than with organizations that score a C or lower!

Secure email traffic

Secure email traffic is very important. Therefore, we do everything we can to keep our email traffic with all our customers and suppliers safe. We have therefore achieved the highest possible score for us.

Internet.nl gives our email environment a score of 77%.
Source: https://internet.nl/

Secure connection

A secure website starts with having a secure connection between your browser and our website. That is why we do everything we can to take all relevant safety measures that contribute to this.

Internet.nl therefore gives our website a score of 100%.
Source: https://internet.nl/

Secure website

We have also done a lot in terms of configuring our web servers. Not only the website and connection need to be safe, but also the platform it runs on.

ImmuniWeb gives our website a score of A+.
Source: https://www.immuniweb.com/

Robust encryption

On our website and services, we use strong and modern encryption standards. This means that the connection between your computer and our server is robustly encrypted and protected. This prevents data leakage.

Qualys SSL Labs gives our website a score of A+.
Source: https://www.ssllabs.com/

Encryption guaranteed

We comply with the so-called HSTS Preload status. This lets web browsers know that our website should always be visited via HTTPS (encrypted). If someone breaks into your connection, the traffic cannot simply be redirected.

HSTS Preload therefore indicates that our status for HSTS Preload is allowed.
Source: https://hstspreload.org/

Secure headers

Our website has a set of well-developed Security Headers. This means that the web browser can take specific safety measures so that our website cannot be misused to mislead you.

Security Headers gives our website a score of A.
Source: https://securityheaders.com/

Privacy protection and legal requests

Security is of course one thing, but privacy, its protection, and legal requests are also part of it. See our Privacy Statement for more information on what we do to protect your privacy.

Responsible Disclosures

Ethical hackers make an incredibly important contribution to the digital safety of our society. In addition to having a procedure so that we can be informed of found vulnerabilities, we also list below which valid reports have been made.

Our Hacker's Hall-of-Fame

  • 2023/12/10 – Raju Basak – Security Misconfiguration vulnerability in HTTP security headers (presence of unsafe-inline and unsafe-eval in the Content-Security-Policy) – no patch by WordPress or by the plugins and themes in use that would allow dropping this mechanism; applied compensating controls
  • 2021/01/29 – Chan Nyein Wai – Denial of Service vulnerability in load-styles.php – no patch by WordPress; already applied compensating controls in regard to report of 2019/06/03 for CVE-2018-6389
  • 2020/09/08 – Shebi Levi – Denial of Service vulnerability in wp-cron.php – no patch by WordPress; applied compensating controls
  • 2020/04/02 – Gul Hamee – Tabnabbing vulnerability on a set of links – removed “_blank” targets from links or added relevant rel attributes to mitigate the vulnerability
  • 2019/08/06 – Mansouri Badis – Denial of Service vulnerability in XML-RPC – no patch by WordPress; applied compensating controls
  • 2019/06/03 – Asim – Denial of Service vulnerability in load-scripts.php (CVE-2018-6389) – no patch by WordPress; applied compensating controls

Geolocation data processing

We carefully select our technology suppliers and partners. One of the most important criteria is the storage location of the data we process. We also sign a Data Processing Agreement if required. If personal data is transferred from the European Economic Area (EEA) to countries or organizations outside the EEA, we take additional measures, such as signing the Standard Contractual Clauses of the European Commission.

Overview core suppliers

  • We use Amazon Web Services to host our website and our own services. We primarily use the data center in Germany, and as secondary the data center in Ireland. Read more about their GDPR policy here.
  • Cloudflare is used to protect our website and our own services from cyber attacks. The nature of the architecture is that the closest edge servers are used. For our Dutch customers this is Amsterdam, for example. Read more about their GDPR policy here.
  • Google Suite is our office, collaboration and email environment. We have also set the storage location to the European Union. Read more about their GDPR policy here.

Sustainability

There is something else that we find very important: sustainability. For a sustainable approach we depend on third parties, because our company works entirely in the cloud. We do not have our own servers or other hardware, other than a laptop and a smartphone per employee.

For that reason we provide data or links to sustainability information of our core suppliers for data storage and processing capabilities.

Overview core suppliers

  • We use Amazon Web Services for hosting our website and our own services. We primarily use the data center in Germany, and secondarily the data center in Ireland.
    Read more about their GDPR policy here.
  • Cloudflare we use to protect our website and our own services against
