Transparency

Honesty is one of our three core values. Saying we are honest is one thing, but acting on it is another. On this page we therefore do what we say we do: be transparent and honest.

Security

Security is paramount; that is what we tell our customers, so we have to practice it ourselves as well. Below you will find an overview of security tests and our explanatory notes on them. Wherever technically possible, we have applied all suggestions for improvement.

Security Rating

Our partner SecurityScorecard gives us the excellent rating A (100%) on our entire public digital footprint. We score an A (100%) in the area of Network Security, DNS Health, Patch management, and IP Reputation. With regard to Application Security we also score A (100%).

A summary from SecurityScorecard can be downloaded here.

Doing business with us means a 5 times smaller chance of a breach or data breach than with organizations that score C or lower!

Secure connection

A secure website starts with a secure connection. That is why we are putting everything in place to take all the security measures that we can.

Internet.nl therefore gives our website a score of 97%.
Source: https://internet.nl/

Secure website

We have also taken the necessary steps regarding the configuration of our web servers. Not only the website and connection must be secure, but also the platform on which it runs.

ImmuniWeb therefore gives our website a score of A+.
Source: https://www.immuniweb.com/

Secure headers

Our website has a set of well-configured Security Headers. This means that the web browser can take specific security measures to ensure that our website cannot be misused to mislead you.

Security Headers therefore gives our website a score of A.
Source: https://securityheaders.com/

Encryption guaranteed

We meet the requirements for the so-called HSTS preload status. With this, all modern web browsers know that our website should always be visited via HTTPS (encryption). So when someone breaks into your connection, the traffic cannot be diverted.

HSTS preload therefore indicates that our status for HSTS preload is allowed.
Source: https://hstspreload.org/

Robust encryption

Our website has a strong and modern encryption standard! This means that the connection between your computer and our server is robustly encrypted.

Qualys SSL Labs therefore gives our website a score of A+.
Source: https://www.ssllabs.com/

Secure email traffic

In addition to a secure website, secure email traffic obviously cannot be missing. That’s why we do everything we can to keep our email traffic with all our customers and suppliers secure. For that, we have the highest score possible.

Internet.nl therefore gives our email environment a score of 75%.
Source: https://internet.nl/

Responsible Disclosures

Ethical hackers make a great contribution to the digital security of our society. In addition to having a procedure for reporting vulnerabilities that have been found, we also state below which valid reports have been made.

Our Hacker's Hall-of-Fame

  • 2020/09/08 – Shebi Levi – Denial of Service vulnerability in wp-cron.php – no patch by WordPress; applied work-around
  • 2020/04/02 – Gul Hamee – Tabnabbing vulnerability on a set of links – no patch by Divi; removed “_blank” targets from links
  • 2019/08/06 – Mansouri Badis – Denial of Service vulnerability in XML-RPC – no patch by WordPress; applied compensating controls
  • 2019/06/03 – Asim – Denial of Service vulnerability in script-loader.php (CVE-2018-6389) – no patch by WordPress; applied compensating controls

Data breaches and legal requests

Security is one thing, of course, but privacy is another. Here we communicate transparently and honestly about all our data breaches, and the number of data requests made by, for example, courts.

Overview data breaches

Fortunately, we have not had any data leaks yet!

Overview legal requests

We have not yet received legal requests for information regarding one or more of our customers.

Geolocation data processing

We choose our technology suppliers and partners carefully. One of the most important criteria is the storage location of the data we process. In addition, we always agree upon a Data Processing Agreement with the supplier, which corresponds to the Standard Contractual Clauses of the EU.

Overview core suppliers

  • We use Amazon Web Services to host our website and our own services. We primarily use the data center in Germany, with the data center in Ireland as secondary.
    Read more about their GDPR policy here.
  • Cloudflare is used to protect our website and our own services from cyber attacks. The nature of the architecture is that the closest edge servers are used. For our Dutch customers this is Amsterdam, for example.
    Read more about their GDPR policy here.
  • Google Suite is our office, collaboration and email environment. We have also set the storage location to the European Union.
    Read more about their GDPR policy here.

Sustainability

There is something else that we find very important: sustainability. Because our company works entirely in the cloud, we depend on third parties for a sustainable approach. We do not have our own servers and other hardware, other than a laptop and a smartphone per employee.

For that reason we provide data or links to sustainability information of our core suppliers for data storage and processing capabilities.

Overview core suppliers

  • Amazon Web Services is committed to running their business in the most environmentally friendly way possible.
  • Cloudflare has deployed their architecture in such a way that as little energy as possible is wasted.
  • Google strives to build sustainability into everything they do.
