The following is a description of the organizational structure and technical measures put in place by FluksAqua to protect customer data, as specified in section 3.5 of our Terms & Conditions:
FluksAqua ensures, in accordance with our Terms and Conditions:
- The total anonymity of forum contributors: no personal data associated with a user’s alias can be transmitted to any third party whatsoever, except with the user’s express and prior consent.
- The full protection of data entrusted to us by the water and wastewater industry: any data received from a customer is only accessible to the users authorized by that customer.
To this end, our data security policy is built on the following core elements:
- Secured access to data. FluksAqua platform has been precisely designed to operate with complete security in public and private Internet infrastructures. The highest level of data security is guaranteed by:
- Full encryption of data in transit from or to your devices using the most recent secure encryption protocol (TLS 1.2).
- User authentication for every request, implemented using the standard OAuth2.
- A redundant and N-tiers layered architecture for increased reliability.
- Safe and reliable data storage. FluksAqua data storage is provided by Amazon Web Services which is certified compliant with the ISO 27018 standard for protecting personally identifiable information in the cloud. Amazon Web Services data protection includes the following key features:
- Automatic encryption of data once uploaded, using Advanced Encryption Standard (AES) 256-bit symmetric keys.
- Immutability of data, which preserves data integrity by ensuring that data can not be updated once uploaded.
- Durability of data, with infrastructures designed to survive most eventualities (average annual durability of 99.999999999% for a given archive)
- Reliability of storage, with redundant storage across multiple facilities and multiple devices in each facility.
- Data security accountability. Data access is internally restricted to customer support employees and subcontractors. These individuals are bound by strict confidentiality agreements. Moreover, their access to data is controlled via identity-based accounts which are subject to audit trails and which only allows them to complete specific tasks and assignments.