DATA PROTECTION

Security & Privacy

Noota is used by many health, research and corporate organizations for whom data protection is a must-have.

Security and privacy

Generic information

In general, all data on our platform is :

Double encrypted

Hosted in the Cloud

We do not use our own servers, but use the services of an online solution provider specialized in setting up, managing and securing storage space. In addition, all our resources are hosted on servers in the European Union (EU), are RGPD compliant and ISO 27001 (https://cloud.google.com/security/compliance/iso-27001?)

Compliance with the GDPR

European regulation in term of security

Noota respects the privacy requests summarized below:

https://www.cnil.fr/fr/reglement-europeen-protection-donnees

All Noota services are hosted on servers in the European Union in accordance with the General Data Protection Regulation.
You can follow the procedures set up by our cloud solution provider Google Cloud Platform:

https://cloud.google.com/privacy/gdpr

Double Encryption

Encryption is key

When you upload a file to our platform, it is protected by a certified HTTPS TLS 1.2 encryption protocol.

Before being stored, all files go through an AES-256 encryption protocol making them accessible and readable only to the corresponding user.

We also add a second layer of encryption so that the data is encrypted and unreadable by the cloud provider.

No backup on servers

You control your data

You want to delete a file?

Don’t worry!

If you delete a file from the Noota platform, it is deleted along with all associated data within 24 hours. We do not keep any archive or residual traces.

Defence protocols

Hosting optimal security

Our hosting provider ensures optimal security with an infrastructure based on progressive layers that provide true defense in depth.

For more information on security protocols, you can visit the following link: https://cloud.google.com/security/infrastructure/

Noota Security Guidelines

Hosting optimal security

Noota makes every effort to ensure continuous monitoring of the security of the application and website, by analyzing all logs and anomalies detected and correcting them when necessary.

The development of the Solutions is conducted in compliance with the following “best practices”:

Employees responsible for hardware production and platform management are regularly trained in security best practices

The hardware is regularly reviewed to identify any potential security vulnerabilities

The microservices used are regularly updated to avoid any vulnerability of the hardware

A dedicated test environment is used for development and for any hardware modifications