Enterprise-level Security to Keep Your Data Safe

The security of your data is very important to us. That is why we invest in the best possible security measures to keep your data safe. We’ve outlined the most important measures to keep your data safe below. We don’t share all the measures we take because hackers can read too. 😉

Certificates

ISO 27001 and ISO 9001 certified

Edloomio is ISO 27001 certified, which is globally recognized as the leading information security management system (ISMS) standard.

Edloomio is ISO 9001 certified. ISO 9001 outlines a process-oriented approach to documenting and reviewing the structure, responsibilities, and procedures required to achieve effective quality management within an organization.

Human Firewall

Our team is highly security-aware. We

  • only deploy up-to-date and modern browsers,
  • use password managers,
  • use different passwords for all sites,
  • regularly update passwords,
  • use two-factor authentication wherever possible,
  • never download customer data,
  • sign confidentiality agreements,
  • and keep our knowledge and awareness up-to-date with frequent training.

Security by Design

Updates

We’ve engineered our platform to ensure that your data is secure at all times. Each new release of the edloomio system contains the latest security measures.

Pentest

For each update, we perform an internal penetration test, also known as a pentest. Each year we order a pentest from an external certified company. A pentest is a simulated cyber attack against our system to check for exploitable vulnerabilities.

Cloud Hosting

Our private cloud operates in the ultra-modern “green” data center in Munich, Germany.

Our hosting partner is constantly auditing its services and has proved to be compliant with the following standards, among others:

  • ISO 27001
  • ISO 27017
  • ISO 27018
  • SOC 2
  • SOC 3

The data center has strict access rules to make sure that no unauthorized person can gain access. This includes constant CCTV monitoring and access control based on magnetic cards.

GDPR

We are fully GDPR compliant.

Any transfer of data will only occur in compliance with the GDPR and if the specific requirements of Article 44 et seq. of the General Data Protection Regulation (GDPR) have been fulfilled.

We only work with subcontractors that guarantee at least the same level of data protection under standard contractual clauses (SCCs) as stipulated by the European Commission.

Data Encryption

We use the most advanced encryption technology publicly available to secure your data.

Secure Sockets Layer (SSL)

We use domain-validated certificates with a 256-bit key length. This is the same type of encryption used by large banks to keep your information secure.

Password Hashing

We convert user passwords into a hash value before they are stored on the server. During login, the hash value is recalculated and compared to the one stored in the database for validation.

This means that we cannot recover any password, as we only hold the hashed version. If a user loses a password, it can only be reset. For additional security, we enforce a minimum password length.

If your company uses Single Sign On, like Okta, Active Directory, or other SSO providers, passwords are not stored on our servers at all.

DDoS Protection

Our built-in DDoS protection is a security system that automatically detects most DDoS attack patterns and filters the incoming traffic to the server so that the “malicious” attacking traffic is dropped and only the “real” desired traffic arrives at your server.

This means that you, as an edloomio customer, will barely notice a possible attack while our DDoS protection filters the ongoing attack for you.

Built-in Antivirus

Our platform has a built-in intelligent antivirus and security monitoring tool with automatic malware cleanup, domain reputation monitoring, and blacklist status checks.

Monitoring

We closely monitor the performance of our application and databases via several monitoring tools. Any system errors are logged and trigger notifications to our development team.

Backups

We take backups daily that are stored encrypted on remote servers. This ensures we can restore your data in case of failure or accidental deletion.