Riminder's commitment to security

Updated 8 months ago by Mohamed Benqassmi

Keeping our customers' data safe is one of the most important things we care about at Riminder. We ensure that all data processed by Riminder is handled securely. Here, we share some details of what we do to keep things secure and how we do it. Don't hesitate to check out our Privacy Policy for any other related concern.

Experienced team

We're proud to have on our team people who have played major roles in designing, building and operating highly secure Internet-facing systems and who know all the ins and outs of the data security environment.

World class infrastructure

We host our services and data in Amazon Web Services and Google facilities in Europe. Further details about the measures Amazon and Google take in securing their facilities can be found here: https://aws.amazon.com/compliance/ and https://cloud.google.com/security/gdpr/

Best practices

At Riminder we follow and implement market best practices to improve our security posture.

User rights and access

  • Our employees are required to commit to written information security, confidentiality and privacy responsibilities, and our developers are given specific information security awareness training.
  • We have clearly defined rules regarding user access rights, and a system log, periodically reviewed, captures all access granted and the use made of it.
  • Access to Riminder's premises is strictly controlled. Any third party must be accompanied by a Riminder employee with a sufficient level of responsibility and security training to monitor their presence.

Incidents

  • We perform information security risk assessments at a planned interval and document all the results.
  • We have developed an information security classification scheme. Every incident, whether reported by a person, detected during a periodic check of logs, or proactively flagged by log analysis, follows a strict urgency/threat/scope level classification, and the corresponding handling procedures are systematically triggered.

Network systems

  • Our data systems are completely separated from other systems, including network systems and webservers.
  • Our network segment is secured by several assets: in addition to the security measures of our server providers, we use multiple security applications as proactive protection layers.
  • All data storage, data traffic and web traffic passing through, entering or leaving our tools and servers is subject to cryptographic key management procedures.

Risk management

  • We've implemented annual penetration testing for systems and applications, vulnerability procedures and periodic screening tools to detect and prevent malware, malicious code, or unauthorised execution of code.
  • All application changes undergo testing and include relevant security controls. They are required to meet validation criteria in the development, testing and production environments. 

Third parties

  • Third-party providers (including hosting services) undergo a security risk assessment prior to purchase and a periodic security risk assessment to validate compliance.

Payment details

Our business is not about processing and storing payments. We work with Stripe, our partner through which all payments made to Riminder are processed. Check their security page for more details.
