Pelt8 Data Hosting Policy

Data Security and Backup Policy

1. Data Location and Security

• All data is stored in the Switzerland North Azure Region.

• Data is encrypted at rest for enhanced security.

2. Backups and Recovery

• Regular backups are conducted to safeguard against data loss.

• Data recovery methods depend on specific circumstances and may involve custom scripts.

• Data recovery time varies based on the task but typically takes several hours.

3. Data Protection

• Redundant storage solutions are in place, including Zone-redundant storage for database data.

• Physical hazards like fire and water damage are protected against, as detailed in the Datacenter environmental safeguards.

4. Security Measures

• Access to the application and its API is strictly controlled through Microsoft authentication.

• Two-factor authentication (2FA) is mandatory for user authentication.

• Database access is restricted to a private endpoint within the virtual network, also requiring Microsoft Entra authentication.

5. Disaster Recovery and Incident Response

• Disaster recovery planning is discussed in Azure SQL Database disaster recovery guidance.

• In the event of a security incident, an investigation is launched to assess the situation, and client notification occurs as necessary.

• Corrective measures are implemented to prevent similar incidents in the future.

6. Data Export and Retention

• Data can be exported by permitted users, including selected administrators.

• Data retention follows specified backup and retention policies.

• Data is deleted upon contract termination.

7. Certifications and Compliance

• Pelt8 is actively working to secure test certificates and certifications as the company and resources grow.

• Data export, retention, and compliance are managed according to policies.