Security

At Differ we really care about the security of your data and ours. We have implemented and will maintain appropriate technical and organizational measures to protect any personal data against misuse and accidental loss or destruction. Below you will find a summary of our security measures implemented to ensure the protection of your data.

Updated 1st August 2016 - 2 min read

Summary of security measures

1. Data

At Differ we really care about the security of your data and ours. We have implemented and will maintain appropriate technical and organizational measures to protect any personal data against misuse and accidental loss or destruction. Below you will find a summary of our security measures implemented to ensure the protection of your data.

2. Data Centers

The data of the users of the services of EdTech Foundry is encrypted and stored on Google Cloud, further details about the measures taken by Google cloud to secure their facilities and services can be found here: https://cloud.google.com/security/

4. Authentication and access control

EdTech Foundry internal data access processes and policies are designed to prevent unauthorized persons and/or systems from gaining access to systems used to process personal data. Therefore all the devices with access to internal data, databases and user’s data are required to have a lock screen and to use disk encryption. EdTech Foundry uses two-factor authentication (2FA) and strong password policies. Data access is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks and a need to know basis

5. Personnel security

The EdTech Foundry personnel are required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards. Personnel are required to sign a non-disclosure agreement and must acknowledge receipt of, and compliance with, the EdTech Foundry’s confidentiality and privacy policies. Personnel are provided with security training. 

Also, employees need key cards to access to the office, and unauthorized access is not possible.  

Our employees work on computers and to do so, their computers are secured with firewalls and full disk encryption. Access to internal systems requires a secure VPN tunneled connection. 2-step authorization is required for access to all services that handles data and software development pipelines.

6. Sub-processor security

Prior to onboarding Subprocessors, EdTech Foundry AS conducts a check of the security and privacy practices to ensure they provide a level of security and privacy appropriate to their access to data and the scope of the services they are engaged to provide. Before using suppliers to process the data, EdTech Foundry ensures that the contract governing the relationship between us and our suppliers commits the high requirements required by the Norwegian law and the European legislation on security, users rights and data privacy. A list of suppliers that process personal data on our behalf can be found at differ.chat/suppliers. Suppliers may be located outside of the EU/EEA. For data transfers outside EU/EEA, we use Privacy Shield or EU Model clauses to ensure data privacy.