How Azopio protects your data
1. TLS Certificate (https)
All data exchanged between your devices (computer, smartphone, etc.) and Azopio, as well as between Azopio and other computer systems, is encrypted and protected with TLS (Transport Layer Security, formerly SSL, Secure Sockets Layer).
The address bar of your browser shows https:// and displays a padlock or other indicator certifying that you are interacting with Azopio’s servers.
All Azopio servers and services are accessible only over HTTPS. This ensures that all data exchanged between you and Azopio remains private and unaltered.
For more details:
https://fr.wikipedia.org/wiki/Transport_Layer_Security
2. Servers and infrastructure
Our servers are hosted in the data centers of OVH, a French company and the leading European company in the cloud market.
OVH implements the highest level of security for its infrastructure.
High-security datacenters:
All access to the OVH premises is strictly monitored. To prevent any intrusions or hazards, every boundary is secured using barbed-wire fencing. Video surveillance and movement detection systems are also in continuous operation. Activity within the datacentres and outside the buildings is monitored and recorded on secure servers, while the surveillance teams are on site 24/7.
In order to control and monitor access to the OVH premises, strict security procedures have been put in place. Every member of OVH staff receives an RFID name badge which is also used to restrict their access. OVH employee access rights are reassessed regularly, according to their remit. To access the premises, OVH employees must hand in their badges for verification, before passing through the security doors.
Fire risk management:
Every datacentre room is fitted with a fire detection and extinguishing system, as well as fire doors. OVH complies with the APSAD R4 rule for the installation of mobile and portable extinguishers, and also has the N4 conformity certification for all its datacentres.
Network security:
OVH deploys its fibre optic network across the globe and its technology is installed and maintained by in-house teams of engineers.
OVH has also chosen to build its network in a totally redundant manner – multiple security measures have been put in place, so as to eliminate any risk of failure.
Server security:
The OVH teams provide a human presence in the datacentres 24 hours a day and 365 days a year, to guarantee that the servers are constantly maintained.
Electrical supply:
The OVH datacentres are powered by two separate electrical power supplies and are also equipped with UPS devices. Power generators have an initial autonomy of 48 hours to counteract any failure of the electricity supply network.
Anti-DDoS protection:
All OVH dedicated hosting services include protection against all types of DDoS attacks.
For more details:
https://docs.ovh.com/fr/securite/pssi/
3. Data Management and Protection
Encryption of data at rest:
All data on operational servers is encrypted at rest, which means that someone with physical or remote access to the server will not be able to view it.
Backups:
In addition, all data is backed up at regular intervals in 2 copies:
- To a different location from our operational servers at OVH, in France;
- To another provider, in two different EU countries.
These backups are encrypted before being sent, using algorithms with a very high level of security and in line with current good practices, which prevents anyone who might gain access to the backups from viewing the underlying data.
Documents and data conservation:
We keep your data and documents for a minimum of 10 years, as long as you hold a valid subscription.
This allows compliance with the Commercial Code, article L123-22 of which provides that accounting documents and supporting documents (supplier invoices, customers, etc.) must be kept for 10 years.
Electronic signature with a 2-star RGS Server Stamp:
The RGS (Référentiel Général de Sécurité) is issued by the French government and sets out the rules that certain functions contributing to information security must comply with.
Azopio has a certificate issued by Certinomis PRIME CA G2 – Docaposte (digital branch of La Poste group), labeled ETSI 319 411-2 level QCP-lqscd. The private key is stored in a hardware security module (HSM) certified FIPS 140-2 level 3.
Through this “2-star Server Stamp”, physical documents can be dematerialized while retaining the same legal value as their paper originals.
Using this certificate, Azopio affixes a digital signature and timestamp to all documents from the “Azopio Snap” mobile application (converted beforehand into PDF/A), which lets you quickly and easily dematerialize your paper invoices and receipts. This gives them the legal value and unalterability required by, and enforceable against, the French tax administration.
Using this certificate, Azopio also affixes a digital signature and timestamp to all electronic invoices generated in the “Invoicing” module.
4. Security of “Bank accounts”
Azopio can retrieve your bank transactions and allow you to perform an automated or manual bank reconciliation between them and your invoices, through our partner Powens.
A copy of your transactions is stored on Azopio, but your bank details never pass through Azopio’s servers and are not known or stored by Azopio.
Azopio does not have access to the bank details of the accounts that you have not selected for synchronization.
You can delete your banking transactions and/or a banking connection on Azopio at any time. Neither Azopio nor Powens will then have access to your bank details for that bank and those accounts.
When you delete your Azopio account, all of your bank connections are also permanently deleted. Neither Azopio nor Powens will then have access to them.
Azopio is registered under number 821 449 634 by the Prudential Control and Resolution Authority (ACPR) as a Powens Agent.
Powens is approved as a payment institution by the Prudential Control and Resolution Authority (ACPR), under number CIB 16948 available on the official list www.regafi.fr.
More details:
https://www.powens.com/privacy-policy/
https://www.azopio.com/wp-content/uploads/legale/CGU Budgea Bank & Bill Agent.pdf
5. Security of “Email fetchers”
Azopio can connect directly to your mailbox, via our partner Nylas.
Depending on your search criteria, Azopio then detects the corresponding new emails received (or lists them during manual retrieval) and retrieves the attachments in PDF format.
- Azopio only has read-only access, and does not store any information other than the unique identifier of “processed” emails;
- Sent emails and drafts are never read;
- Emails that do not match the configured search criteria are ignored;
- Emails cannot be read by humans, but only automatically by the computer code of the Azopio application.
Nylas stores your emails (as long as you maintain your connection to Azopio) and meets the highest security standards in force worldwide (SOC 2 Type II, GDPR, EU SCC, CCPA, HIPAA / HITECH, FINRA) and undergoes 2 annual security audits.
When you delete your Azopio account, all of your email connections are also permanently deleted. Neither Azopio nor Nylas will then have access to them.
More details:
https://www.nylas.com/platform/security
6. Security of “Payment”
Payments of your Azopio invoices are managed by Stripe, via ProAbono, a French subscription invoicing solution.
More details:
https://stripe.com/docs/security/stripe
https://www.proabono.com/fr/info/politique-de-confidentialite
The initiation of your payments through Azopio is managed by Bridge.
More details:
https://bridgeapi.io/en/security/
Azopio does not store any sensitive information other than the status of these various payments.
Other practical information
Found a bug or other vulnerability? Email us at security@azopio.com