Data Security

We take pride in high data security

Described below is how we handle data security and how we work with security in our organisation: from GDPR and encryption to authentication, access control, and fail-safes. You can also see our certificates as PDFs, where available.

How do we secure your data in GDPR compliance?

  • Our platform and the entire solution are built around handling sensitive data and personal information, which is why Creditro has passed and is awaiting ISAE 3000 certification, a statement about how personal data is handled in compliance with GDPR.
  • We already have more than 150,000 users who have verified themselves with our identity platform, and more than 250 accountants, law firms and financial-industry companies use Creditro to secure their business against money laundering and fraud on a daily basis.
  • You can always contact info@creditro.com and get a copy of your data processor agreement.

Prevention of unauthorized product access:

This happens as an outsourced service: we host our service with an outsourced cloud-based infrastructure supplier. Contractual relations are maintained with suppliers to deliver the service in accordance with the data processor agreement, cf. § 4.2.

Creditro is dependent on contractual agreements, including data processor agreements and compliance programmes from suppliers, to secure data being processed or stored by said suppliers.

Physical and environmental security:

We host our product infrastructure with multi-tenant, outsourced infrastructure suppliers. The physical and environmental security protocols are reviewed for SOC 2 Type II and ISO 27001 compliance, among other certifications.

Authentication:

Creditro enforces a uniform password policy for our client products. Clients who interact with our products through the user interface must authenticate before access is granted to non-public client data.

Authorization:

Client data is stored in multi-tenant storage systems, which are only available to clients through application user interfaces and application programming interfaces. Clients do not get access to the underlying application infrastructure. The authorization model in each of our solutions is designed to ensure that only the assigned persons can get access to relevant functions, views, and customization options. Authorization for datasets is granted by validating the user's permissions against the attributes attached to each dataset.

API-access (Application Programming Interface):

Public product APIs can be accessed with an API key or through OAuth authorization.

Prevention of unauthorized product access:

Creditro enforces industry standard access control and detection functions for the internal networks that support our products.

Access control:

Network access control mechanisms have been designed to prevent network traffic using unauthorized protocols from reaching the product infrastructure. The implemented technical features are separated from the infrastructure suppliers and include Virtual Private Cloud (VPC) implementations, security group settings and traditional firewall rules.

Registration and breach prevention:

We utilize a Web Application Firewall (WAF) solution to protect hosted client websites and other online applications. The WAF is designed to identify and prevent attacks against publicly accessible network services.

Static code analysis:

Security reviews of the code stored in our source code vaults are performed at appropriate intervals and check for best coding practice and identifiable software errors.

Transmission control:

In transit:

Creditro enables HTTPS encryption (also known as SSL or TLS) on all login sites and makes it freely available on all customer websites hosted on our Creditro products. Our HTTPS implementation uses industry-standard algorithms and certificates.

At rest:

Creditro stores user passwords according to policies following standard industry security protocols. Creditro has implemented technologies to ensure that stored data is encrypted at rest.

Access control:

Registration:

Creditro has designed its infrastructure to log extensive information about system behavior, incoming traffic, system authorization, and other application requests. Internal systems collect log data and warn relevant employees of malicious, irregular, or unintended activities. Our personnel, including security, maintenance, and support personnel, are vigilant and trained to handle events.

Response and tracking:

Creditro maintains a log of known security events, including descriptions, dates, and timestamps of relevant activities, and the disposition of the events. Suspected and confirmed security events will be investigated by security, maintenance, and support personnel, and appropriate countermeasures will be identified and documented. For all known events, Creditro will take appropriate actions to minimize damage to clients and products or unauthorized publication of data. Notifications to clients will be in accordance with the terms agreed in our contracts.

Availability control:

Infrastructure availability:

Infrastructure suppliers make a commercially reasonable effort to secure a minimum of 99.95% uptime. The suppliers maintain a minimum of N+1 redundancy for power and network.

Fault tolerance:

Backup and replication strategies are designed to secure redundancy and failover protection during a critical system operation. Client data is backed up to multiple data storage facilities and is replicated across several availability points.

Online replicas and backups:

Production databases are designed to replicate data between no less than a primary and a secondary database wherever possible. All databases are backed up and maintained using industry-standard methods or better. Our products are designed to secure redundancy and problem-free failovers. The servers supporting our products have also been designed with the goal of preventing single points of failure. This design helps our services by allowing the product applications and backend to be maintained and updated while simultaneously limiting possible downtime.

You can learn more about our products here:

Read more about our compliance solution, Creditro Comply. Creditro Comply delivers automatic handling of KYC processes and risk assessments based on intelligent data. Creditro is always up to date with current legislation, so you can rest assured that your business remains compliant. Our solution can automate your processes and save you up to 95% of the time spent on KYC-related work. In fact, our customers end up using less than 5 minutes per KYC case.

Read more about Creditro for accountants. Our platform can also give you preliminary risk assessments, and in connection with your KYC check you can automatically get a credit assessment of your client and simultaneously screen against fraud.

Read more about Creditro for lawyers. As a lawyer, you must always be well equipped to detect fraud. With Creditro, your ability to detect and screen for financial crime will grow more efficient. Our intelligent tools never sleep; they provide constant, real-time, in-depth knowledge and an overview of your clients.

Read more about Creditro for financial industries. With our compliance platform you can save up to 75% of the manual workload associated with KYC-related tasks. In short, we put your clients through an automatic KYC check and set up rules and variables to detect which clients can be automatically approved and which clients need further investigation.