Loading...

Frequently Asked Questions on Firmli Security

Where is my data stored? Can I choose where my account and data will be located?

The Data Center where your data is stored is selected automatically based on the Country chosen by you while signing up for Firmli services.

Will Firmli employees have access to our data and what data will they have access to?

Access to your data is limited to a select few employees who require it for technical support purposes, following a need-to-know principle. Regular reviews are conducted to ensure the appropriateness of this access.

Is data stored on Firmli cloud products encrypted ?

We employ encryption protocols to safeguard customer data both in transit and at rest. Industry-standard AES-256 encryption is utilized for data at rest. Additionally, data transmitted over public networks is encrypted using Transport Layer Security (TLS) 1.2/1.3, ensuring protection against unauthorized access or alterations.

How are encryption keys managed, and can customers upload their own keys?

We manage and control encryption keys internally through our proprietary Key Management Service (KMS). Presently, there isn’t a feature allowing customers to upload and use their own encryption keys.

How does Firmli store passwords?

The passwords utilized for accessing Firmli services are stored using a non-reversible encryption scheme. We employ the bcrypt hashing algorithm with per-user-salt, ensuring that even if our login database were compromised, it would be exceedingly difficult and resource-intensive to reverse engineer the passwords.

How is customer data segmentation implemented in Firmli platform?

Our infrastructure allows us to manage and allocate space for our customers separately, ensuring that the data of each customer is logically separated from others. we ensure that each customer’s service data remains inaccessible to others, maintaining a strict segregation of data through robust implementation.

What measures does Firmli has in place to defend itself from DDoS attacks?

We use technologies provided by reputable and well-established service providers, which offer a range of Distributed Denial of Service (DDoS) mitigation capabilities. These measures are implemented to proactively prevent disruptions caused by potential DDoS attacks.

Does Firmli conduct security tests and code scans ?

Certainly, we conduct routine automated and manual penetration testing exercises to evaluate our systems’ security posture. This involves utilizing a mix of certified third-party scanning tools and proprietary in-house tools to scan our codebase thoroughly.

I found a problem in your platform. How can I let you know about it?

If you find a problem in our platform, please let us know so we can fix it quickly. kindly email us at security@firmli.com

Is there any incident support program?

We have an Incident Support Team dedicated to informing and assisting respective clients or organizations through an email to primary email address. In the event of a security breach, we notify our affected clients within 3-4 business days of the incident. Upon request, our affected clients will receive a comprehensive report within 7-10 business days.

What extra security choices do I have as a Firmli customer to safeguard my data?

Additional security features that can be availed by customers:

- Multi factor Authentication
- IP restrictions
- Role/Permission based Access control
- Device wise account activity audit

For how long does Firmli keep a customer's data after they stop using the service?

We retain the data in your account for as long as you remain a user of Firmli Services. Upon termination of your Firmli user account, your data will be removed from the active database during the next scheduled cleanup, which takes place every 6 months. Any data removed from the active database will also be deleted from backups after 3 months.

What are the specifics of your data backup procedures?

We conduct full backups weekly. Backup data in a data center is stored in the same location as the original data and is encrypted while at rest. Furthermore, we perform weekly restoration and validation of backups. All backed-up data is retained for a period of 1 month. If a specific customer requests it, we can restore their data from the backup and provide access to it.

What is your commitment to Service Level Agreements (SLAs) regarding availability?

We maintain a monthly uptime of 99.9% according to our Service Level Agreement (SLA). We utilize cloud infrastructure from Amazon and Digital Ocean, renowned for their consistently high availability of services.

What measures do you have in place for accessing customer data?

We use technical access controls and internal policies to prevent employees from accessing user data without authorization. Following the principles of least privilege and role-based permissions helps reduce the chances of data exposure. We use authentication methods like strong passwords, two-factor authentication, and passphrase-protected SSH keys.