ProductInfoContact

Security policy

This security policy governs your use of our website www.docreview.com, the application app.docreview.com, and all subdomains or subapplications there-in (“Application”), created by Docreview B.V.

Security measures

All communications within the Application use end-to-end Transport Layer Security cryptographic protocols. All data is encrypted and protected all the way from your browser, to our servers, to our databases and back again. This encryption protocol is used to safeguard your sensitive personal information. There are no communications that are ever sent in plain text.
The Application’s servers are redundantly connected to our core switches with a 2x 1 Gbit/s uplink. All servers are directly connected to the core European providers on the AMS – IX exchange. In combination with our transit connections via Cogent and KPN, the total edge capacity of our network is 100 Gbit/s.
The Application is protected from DDoS attacks using mitigation techniques including TCP Syn cookies and connection rate limiting. This prevents attacks from threatening service performance or shutting down our websites entirely, even for a short time.
Port scanning is prohibited and every reported instance is investigated by our infrastructure provider. When port scans are detected, they are stopped and access is blocked. This prevents attackers from identifying network services running on our host.

Data center accreditation

Our data center operations have been accredited under:

  • PCI DSS – financial transaction management
  • ISO 9001 – quality management
  • ISO 27001 – information security
  • ISO 14001 – environmental security
  • NEN 7510 – medical care related information security

Backups

All of application data is backed up daily, and can be restored in the event of a disaster. You can rest assured that even a natural disaster will not compromise your data you put into the Application.

Encryption

To prevent unauthorized account access we enforce strong user passwords, and use a strong password encryption algorithm which prevents reverse engineering and attacks. In addition, all personal user account information is further encrypted during transmission and authenticated via JSON Web Tokens. JWTs are an open, industry standard RFC 7519 method for representing claims securely between two parties utilizing an symmetric encryption algorithm. Users should not divulge their passwords to anyone. DocReview will never ask you for your password in any phone call or unsolicited e-mail.

Users

Your data is only as secure as your users. The Applicationuses a variety of strong encryption and security techniques to help protect you and your data. Please ensure your users are using strong passwords, and do not invite unauthorized users into your company’s account.
When entering information into the Application or contacting us through any method of communication (phone call, email, web form, etc.) you must determine whether the method of communication is adequately secure for your purposes prior to providing any PII or other confidential information. Any PII or confidential information sent by the user is sent at the users own risk.

Changes

This Security Policy may be updated from time to time for any reason. We will notify you of any changes to our Security Policy by posting the new Security Policy here and informing you via email. You are advised to consult this Security Policy regularly for any changes, as continued use is deemed approval of all changes.

Your Consent

By using the Application, you are consenting to our security measures as set forth in this Security Policy now and as amended by us.

Contact us

If you have any questions regarding security while using the Application, or have questions about our practices, please contact us via email at support@docreview.com.

©2018 Semlab b.v.