Security Policy

Purpose

The purpose of this page is to outline the measures that Relokia (the Vendor) takes to safeguard personal and other consumer data. Relokia considers data a primary asset that must be protected.

This page should be read along with the Privacy Policy and Terms of Service.

Scope of the Policy

This policy applies to all Relokia and customer data assets that exist in any Relokia processing environment, on any media during any part of its life cycle. The following entities or users are covered by this policy:

  • Full or part-time employees of Relokia who have access to Relokia or customer data.

Security levels

Physical security

The data centers of Relokia are located in Germany. The hosting provider, Hetzner Online, takes superior measures to ensure the physical safety of the hardware.

For instance, data center parks are protected from fire and natural disasters. Only authorized personnel can enter, using electronic access control terminals with a transponder key or admission card. The data center parks are under 24/7 surveillance and are equipped with diesel power generators for autonomous operation.

Network security

The network security team at Relokia protects your data against the most sophisticated electronic attacks. We use the best and proven practices of network security.

Relokia offers the following preventive measures:

  • Network firewalls;
  • DDoS prevention;
  • Network posture assessment.

Corporate security

Only authorized entities at Relokia are granted access to the source code, can work on custom migrations, and can solve support cases at the request of the customer support department. Different entities have different access rights depending on their position and responsibilities. All entities have their own access credentials, and some parts of the software can only be reached from specific IP addresses.

The location of data

All data collected by Relokia is stored electronically in Germany in the Hetzner Online data center. The data can only be accessed by authorized entities of Relokia. No outside sources are allowed to connect to the database.

Security Audits

Relokia scans its systems on a regular basis to prevent any vulnerabilities. The software and applications are constantly updated, so all connections to the previous version are limited, logged and checked.

We fully respect your confidentiality and guarantee that all your data is 100% secure at all times. We take appropriate security measures to protect against unauthorized access or unauthorized alteration, disclosure or destruction of data.

These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.

Certification & Compliance

EU GDPR

Relokia is compliant with the requirements of the General Data Protection Regulation. You can learn more by checking the Privacy Policy.

ISO/IEC 27001:2013

The data centers of Relokia are compliant with ISO/IEC 27001:2013, since the hosting provider, Hetzner Online, has achieved this certificate.

PCI DSS

Relokia uses 2Checkout and PayPro to accept payments. Both providers are certified PCI Level 1 Service Providers, the most stringent level of certification available in the payments industry. You can verify this by checking 2Checkout’s fraud protection policy and PayPro’s compliance page.

Relokia does not collect, store or process your payment data. As mentioned above, all payments are done via 2Checkout and PayPro.

How to report a security vulnerability?

If you believe you’ve found a security vulnerability, please contact us at contact [at] relokia [dot] com. Also, include the following information to help us investigate the case:

  • Description of the location and potential impact of the vulnerability;
  • A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and screen captures are all helpful to us).