Your security is of utmost importance to us! Here is a summary of what we do every day to ensure the security of your data and to guarantee that we adhere to the best practices on our SaaS platform.
Backups / Disaster Recovery
Backups
Customer data is at the core of Madiasoft’s focus. To ensure its integrity and availability, Madiasoft operates a robust and redundant backup system.
Backup infrastructures are not located in the same region (i.e., the same data center) as production systems. This organization ensures an optimal level of availability and integrity while meeting our RTO and RPO requirements.
The frequency of backups and retention duration is as follows:
- Customer files stored by Kafinea: Daily backup, retention for 100 days
- Kafinea Customer Database: Daily backup, retention for 7 days
Disaster Recovery
- RPO: Recovery Point Objective
For Kafinea, the default is 24 hours. - RTO: Recovery Time Objective
As a standard, Madiasoft does not define an RTO for Kafinea. However, in the event of a severe disaster causing a prolonged service interruption for a given client, Madiasoft commits to restoring the Kafinea service within 48 hours based on the most suitable backup.
Database Security
- Customer data is stored in a dedicated database with no data sharing between clients.
- Access control rules implement complete isolation between client databases running on the same cluster, preventing any access from one database to another.
Password Security
Each Kafinea user is authenticated by a unique identifier and a strong password. The addition of a second authentication factor is strongly encouraged and will soon be mandatory.
User passwords are not stored in clear text in Madiasoft’s information system.
The default rule for our perimeters is to use irreversible encryption functions such as “hashing” with secure algorithms.
System Security
A hardening policy aimed at securing operating systems is in place. This involves reducing the possible attack surface by disabling or removing non-essential objects (services, applications, features, etc.). It includes implementing specific security options and ensuring software updates.
Hardening operations on server operating systems cover:
- Update
- Account strategy
- User and network rights
- Logging
- Malware protection
- Role and feature service
- User space
- Disk space
Banking Information Security
- We never store credit card information on our own systems.
- Information regarding your credit card is always transmitted securely directly between you and our payment acquirers compliant with PCI standards.
Application Design Security
Madiasoft has implemented an approach to integrate security throughout the life cycle of developed applications. This is inspired by OWASP recommendations.
Data Encryption
Data Transfer to Public Networks
Data is encrypted during transfers to public networks using secure protocols (HTTPS, TLS, SFTP, SSH, etc.).
Certificates
To ensure the highest level of security, HTTPS certificates used by Kafinea come from public and recognized certification authorities. The management of these certificates is governed by procedures covering their life cycle.
Encryptions
The rules regarding the length of encryption keys are:
- Asymmetric encryption: greater than or equal to 2048 bits
- Symmetric encryption: greater than or equal to 256 bits
Madiasoft uses encryption software based on AES256 to create secure archives.
Security Vulnerability Management
Vulnerability Scanner
Scans across the entire Internet perimeter of Madiasoft’s IT system are regularly launched using a vulnerability scanner managed by Madiasoft’s security team.
These scans ensure the proper configuration of hardware and software to detect the emergence of vulnerabilities.
Results are reviewed and subjected to specific action plans.
Reporting Security Vulnerabilities
If you need to report a security vulnerability, please share the details by writing to security@madiasoft.com. These reports are treated with high priority, and the issue will be assessed and resolved by the Kafinea security team in collaboration with the reporter.