At Modjo, we have developed our platform with the security and confidentiality of your data at the heart of our concerns and our tool.
Here are our commitments:
We believe that the confidentiality of your data is essential. We promise never to divulge it or share it with anyone.
We do not analyze your data on our own behalf or on behalf of other clients. We do not derive any trends, statistics or other information from it. We process your personal data only in your interest and on your instructions.
We check the professional background and reliability of each candidate before hiring any new employee.
We include a robust confidentiality clause in every employment contract to ensure your data is protected.
We train and educate our employees to identify and respect the confidentiality of information they may have access to and to ensure its security.
We secure the physical access to our premises with a double access badge system that only our employees have.
Access to customer data is limited to only those teams who need to know it in order to carry out their missions. It is only possible to access the data with a personal identifier and a password.
Accesses are tracked and we keep the connection logs for one year. Only members of the Tech Team can access them.
We host your data on servers located in France.
We encrypt your data during transmission and storage. Their encryption is based on the S3 and RDS standards using the AES-256 encryption algorithm.
Data transmission is systematically carried out using the TLS protocol.
We host our clients' data in their own spaces so that it is segmented from client to client and the risk of data leakage is limited.
Your data is backed up daily. The backup is kept for 14 days and is encrypted. Only the system administrator can access it if necessary.
We manage security incidents to ensure that they are resolved within 24 hours and that access to our service is restored as soon as possible.
We have regular security audits performed by third-party organizations in the form of pentest and we systematically apply their recommendations.
We have put in place a crisis management procedure that can be activated in the event of a security incident in order to limit the potential impact as quickly as possible.
Each new development is subject to a code review to identify potential vulnerabilities upstream.