1. Incident response plan
We have established a formal procedure for security events and have made our staff aware of our policies in the event of a breach. When security events are detected, they are transferred to our emergency email at email@example.com and our teams are notified and assembled in order to handle the event quickly.
Investigations are performed in person and shared across the company's departments. Measures are implemented to enable the detection and prevention of similar events in the future.
2. Automated correction processes
We have set up functional, frequently used automation that allows us to deploy changes to our platforms within minutes. We usually deploy code several times a week. We are therefore certain that we can quickly resolve security problems when necessary.
・ All customer data is stored in the EU.
・ Customer data is stored in multi-tenant databases. We do not have individual databases for each customer. However, all of our customers' data is partitioned and our application code is subject to strict confidentiality checks to ensure data confidentiality and to prevent access to customer data.
・ We use a MySQL database to store all data from studies. Data is stored on secure servers with advanced encryption, after pseudonymization.
・ Happydemics is 100% served over HTTPS. Happydemics operates a non-secure business network.
・ The Happydemics network contains no resources or additional privileges.
5. GDPR Preparation
・ We are closely monitoring the interpretations and guidelines for the main provisions of the GDPR established by the EU Article 29 Working Party. Our plans and our roadmap are adapted accordingly.