Get started for free Request demo
decor
  • linkedin logo
decor
section hero alt
Home / Data Security

SECURITY

Data security and confidentiality is a key feature of our document management system. When developing and continuously improving Schrift, our priority is to ensure maximum security

SECURE REGISTRATION AND AUTHENTICATION

  • SECURE PASSWORDS

    The system has appropriate requirements to password strength. When creating or changing a password, a user has to use a combination of at least 6 characters. To eliminate the risk of password theft, original password values are not transmitted to or stored on our server.

    1

  • PROTECTION AGAINST PASSWORD MINING

    For your protection against unlawful access through password mining, the account gets blocked (for 10 minutes) after 5 unsuccessful password entry attempts, and a notification is sent to the user’s email address about appropriate measures

    2

  • DEVICE IDENTIFICATION

    The device that is usually used to log in is identified by the system. If the user logs in from an unknown device, a notification will be sent to the user’s email address

    Захист аккаунту

  • TWO-FACTOR AUTHENTICATION

    As an additional security level, there is a two-factor authentication feature which guarantees that an account can only be accessed by its owner, even if the password has become known to a third party

    Підбір пароля

  • REGISTRATION CONFIRMATION VIA EMAIL

    The registration of a new user is confirmed via email. This prevents the use of an employee’s email for registration without their knowledge and will enable the user to restore the password securely, if needed

    Двофакторна авторизація

  • SECURE PASSWORDS

    The system has appropriate requirements to password strength. When creating or changing a password, a user has to use a combination of at least 6 characters. To eliminate the risk of password theft, original password values are not transmitted to or stored on our server.

    1

  • PROTECTION AGAINST PASSWORD MINING

    For your protection against unlawful access through password mining, the account gets blocked (for 10 minutes) after 5 unsuccessful password entry attempts, and a notification is sent to the user’s email address about appropriate measures

    2

  • DEVICE IDENTIFICATION

    The device that is usually used to log in is identified by the system. If the user logs in from an unknown device, a notification will be sent to the user’s email address

    Захист аккаунту

  • TWO-FACTOR AUTHENTICATION

    As an additional security level, there is a two-factor authentication feature which guarantees that an account can only be accessed by its owner, even if the password has become known to a third party

    Підбір пароля

  • REGISTRATION CONFIRMATION VIA EMAIL

    The registration of a new user is confirmed via email. This prevents the use of an employee’s email for registration without their knowledge and will enable the user to restore the password securely, if needed

    Двофакторна авторизація

DATA STORAGE AND TRANSFER SECURITY

  • checkmark

    Data encryption

    All data, including account information, files, and other information, is transmitted via SSL/HTTPS with 256-bit encryption

  • checkmark

    Reliable servers

    All data is stored in an encrypted form on reliable servers located in Germany

  • checkmark

    Secure backup

    To minimize the risk of data loss, data is continuously copied to multiple servers

decor

ADMINISTERING ACCESS TO DATA WITHIN THE COMPANY

  • Role system

    Access rights management is implemented using a role system that provides flexible configuration and reliable protection of access rights

  • Flexible access settings

    Choosing one of the three levels of access in an employee's assignment allows to protect sensitive documents. Among other uses, it's helpful when delegating access of assistant or acting employees to a position

  • Access rights and protection against tampering

    Access to company data is granted to an employee during appointment to a position. The user is granted employee status once an email invitation is accepted. The user and his employee status are then interlinked and cannot be edited. It ensures that only the said user can act on behalf of the employee

  • Control of information flow

    Employees' access to information within the company is based on the principle: "everything created by me or provided to me is accessible to me". Unauthorised information transfer does not occur within our system

  • Quick access blocking

    If there is a risk of unauthorised access to data, a user with the appropriate rights can block access for an employee, department or the entire company

  • Event-based model of the system

    Each employee action in the system creates an event that ensures responsibility and eliminates misunderstanding in communication

decor gdpr

COMPLIANCE WITH GDPR

We are in compliance with the General Data Protection Regulation (GDPR) and have implemented a wide range of technical and organisational measures. Contact us if you have any questions.