Data Security Practices
This article outlines the data security practices implemented by Scanova to ensure the security of customer data and protect it from unauthorized access.
Introduction
Scanova is committed to following the best industry practices for data security. These measures ensure that the data of our customers is safeguarded against unauthorized access and potential attacks. Data collected by Scanova is categorized into three main types: Customer Data, QR Code Data, and End-User Data. This article explains the security practices that Scanova uses to protect each data category.
A. Types of Data Collected by Scanova
- Customer Data
  - Personal data such as name, email address, password, billing information, and payment details.
  - This data is required for customers to use Scanova services.
- QR Code Data
  - Information used to create QR Codes, including URLs, map locations, vCard details, PDFs, images, and more.
  - This data is processed to generate functional QR Codes.
- End-User Data
  - Information collected when end-users scan QR Codes created by Scanova customers.
  - Includes lead generation data (e.g., name, email, phone number) and browsing activity (e.g., scan time, date, location, device).
B. Security Measures Implemented by Scanova
- Bot and Script Protection
  - Google reCAPTCHA is enabled on the Sign-up page to prevent bots and scripts from creating fake accounts.
- Brute Force Attack Prevention
  - All forms, including Sign-up and Login, are secured with Cross-Site Request Forgery (CSRF) protection to prevent brute force attacks.
- Encryption Standards
  - Passwords are hashed using the PBKDF2 algorithm with SHA-256, as recommended by NIST.
  - Data in transit is secured via SSL encryption (HTTPS) to ensure safe transmission.
  - Data at rest is secured using AES-256 encryption for additional protection.
- Data Storage
  - All data is stored on Amazon Web Services (AWS) RDS servers located in Oregon, USA.
  - AWS servers used by Scanova are ISO/IEC 27001:2022, SOC1, and SOC2 certified.
  - Stripe and 2Checkout manage the billing and payment information, both of which are PCI Level 1 certified.
- Additional Security Measures
  - Cloudflare is used as a proxy to add an extra layer of protection, including defense against DDoS attacks.
  - Data is accessible only to authorized technical staff through robust security protocols, including multi-factor authentication and detailed logging.
- Verification Layers
  - Registered Email Verification: Ensures only verified customers can access services, enhancing security.
  - Google Safe Browsing API: Monitors URLs encoded into QR Codes to restrict the use of potentially harmful links.
C. Data Location and Compliance
- Data Storage Location
  - Scanova's data is securely stored on AWS servers located in Oregon, United States.
  - These servers comply with international standards, including ISO/IEC 27001, SOC1, and SOC2 certifications.
- ISO and GDPR Compliance
  - Scanova is ISO 27001:2013 certified, ensuring robust information security protocols are maintained across all operations.
  - The company is also SOC2 and GDPR compliant, which confirms adherence to high data protection standards.
- Private VPN Usage
  - Scanova uses private VPNs to ensure that data access is restricted to authorized personnel only, further enhancing data security.
If you have any unanswered questions related to data security, you can reach out to us at support@scanova.io or privacy@scanova.io.