
Security & Privacy

Last updated: 8 December 2024
v1.0

How we protect your data, and our security measures.

Security Guarantees
Our commitments for your data

Encryption

Industry-standard encryption for data at rest and in transit

Secure Storage

Encrypted databases with restricted access controls

Incident Response

Notification within 72 hours of security incidents

Data Handling

TutusPorta scans publicly accessible web pages. We temporarily store scan results and metadata to provide our service. We do not collect or store personal data from the websites we scan.

Privacy by Design

We only scan publicly accessible content and do not attempt to access protected areas or extract personal information.

Data Storage

All scan data is stored securely in encrypted databases. Access is restricted to authorized personnel only. We use industry-standard encryption for data at rest and in transit.

Security Measures

  • Encryption at rest: AES-256 encryption for stored data
  • Encryption in transit: TLS 1.3 for all connections
  • Access control: Role-based access with multi-factor authentication
  • Monitoring: 24/7 security monitoring and logging
  • Regular audits: Quarterly security assessments and penetration testing

Data Retention

Scan results are retained for the duration of your subscription plus 30 days. You can request deletion of your data at any time through your account settings or by contacting support.

Retention Periods

  • Active users: Scan data retained for the duration of subscription
  • After cancellation: Data retained for 30 days for reactivation
  • Account deletion: All data permanently deleted within 7 days
  • Audit logs: Retained for 1 year for compliance purposes

Third-Party Services

We use select third-party services for hosting, analytics, and payment processing. All third parties are vetted for security and privacy compliance.

Third-Party Processors

  • Vercel: Hosting and CDN (SOC 2 Type II certified)
  • Supabase: Database and authentication (ISO 27001 certified)
  • Mollie: Payment processing (PCI DSS compliant)

GDPR Compliance

All our third-party processors are GDPR compliant and have Data Processing Agreements in place.

Security Incident Response

In the event of a security incident, we will notify affected users within 72 hours and provide details about the incident and remediation steps.

Incident Response Process

  1. Detection: Automated monitoring and alerting systems
  2. Assessment: Immediate evaluation of severity and impact
  3. Containment: Isolate affected systems to prevent spread
  4. Investigation: Root cause analysis and forensics
  5. Notification: Inform affected users within 72 hours
  6. Remediation: Fix vulnerabilities and restore service
  7. Post-mortem: Document learnings and improve processes

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly to security@tutusporta.com

Contact

Security Inquiries

E-mail: security@tutusporta.com

For security vulnerabilities or privacy concerns, please contact us at the email above.
