Security & Privacy
Noota is used by many health, research and corporate organizations for whom data protection is a must-have.
Security and privacy
In general, all data on our platform is :
Hosted in the Cloud
We do not use our own servers, but use the services of an online solution provider specialized in setting up, managing and securing storage space. In addition, all our resources are hosted on servers in the European Union (EU), are RGPD compliant and ISO 27001 (https://cloud.google.com/security/compliance/iso-27001?)
Compliance with the GDPR
European regulation in term of security
Noota respects the privacy requests summarized below:
All Noota services are hosted on servers in the European Union in accordance with the General Data Protection Regulation.
You can follow the procedures set up by our cloud solution provider Google Cloud Platform:
Encryption is key
When you upload a file to our platform, it is protected by a certified HTTPS TLS 1.2 encryption protocol.
Before being stored, all files go through an AES-256 encryption protocol making them accessible and readable only to the corresponding user.
We also add a second layer of encryption so that the data is encrypted and unreadable by the cloud provider.
No backup on servers
You control your data
You want to delete a file?
If you delete a file from the Noota platform, it is deleted along with all associated data within 24 hours. We do not keep any archive or residual traces.
Hosting optimal security
Our hosting provider ensures optimal security with an infrastructure based on progressive layers that provide true defense in depth.
For more information on security protocols, you can visit the following link: https://cloud.google.com/security/infrastructure/
Noota Security Guidelines
Hosting optimal security
Noota makes every effort to ensure continuous monitoring of the security of the application and website, by analyzing all logs and anomalies detected and correcting them when necessary.
The development of the Solutions is conducted in compliance with the following “best practices”:
Employees responsible for hardware production and platform management are regularly trained in security best practices
The hardware is regularly reviewed to identify any potential security vulnerabilities
The microservices used are regularly updated to avoid any vulnerability of the hardware
A dedicated test environment is used for development and for any hardware modifications