Pelt8 Data Hosting: Data Security, Data Backup and Data Deletion Policy

Pelt8 Data Hosting: Data Security, Data Backup and Data Deletion Policy

1. Data Location and Security
  • All data is securely stored in the Switzerland North Azure Region.

  • Data is encrypted at rest to ensure enhanced security.

2. Data Safeguards
  • Redundant storage solutions are employed, including Zone-redundant storage for database data.

  • Physical hazards such as fire and water damage are mitigated through comprehensive Datacenter environmental safeguards.

3. Data Access Security Measures
  • Access to the application and API is strictly controlled using Microsoft authentication.

  • Mandatory two-factor authentication (2FA) is enforced for user authentication.

  • Database access is restricted to a private endpoint within the virtual network, requiring Microsoft Entra authentication.

4. Disaster Recovery and Incident Response
  • Disaster recovery planning adheres to Azure SQL Database disaster recovery guidance.

  • In the event of a security incident, a thorough investigation is conducted to assess the situation. Clients are promptly notified as necessary.

  • Corrective measures are implemented to prevent future incidents.

5. Data Export and Retention
  • Permitted users, including selected administrators, can export data.

  • Data retention aligns with specified backup and retention policies.

  • Per the Data Processing Agreement (DPA)  and the Privacy Policy Data, all data is deleted upon contract termination, unless legal obligations require retention beyond the termination date. Pelt8 ensures deletion of all submitted data (including private data) within 30 days of contract termination.

  • 6. Backups and Recovery
  • Regular backups are conducted to safeguard against data loss.

  • Data recovery methods are tailored to specific circumstances and may involve custom scripts.

  • Data recovery time varies based on the task but typically takes several hours.

7. Certifications and Compliance
  • Pelt8 actively pursues relevant certifications and test certificates as the company and resources expand.

  • Data export, retention, and compliance are managed in accordance with established policies and regulatory requirements.

Note: This policy is subject to periodic review and updates to align with evolving security standards and legal obligations. For any inquiries regarding data security or retention practices, please contact our Data Protection Officer.