Data Security and Privacy
You can trust
The most relevant brands and companies in the region trust Bmotik to protect their data. Our team implements enterprise-grade best practices to ensure that your data and your users' data is always secure.
Security and Compliance
Permissions and Roles
Different permissions and accesses depending on the role, adjusted to each user level and capacity.
Vulnerability Management
We continuously scan for vulnerabilities and subject our platforms to independent penetration testing (pen-testing).
Change Management
Any new functionality or bug fixes are peer reviewed prior to release. In addition, we perform automatic SAST and DAST scans.
Logs and Tracking
User logins are stored for up to 90 days in an automatic and traceable way.
Principles of secure data
In addition to using AES256 encryption for data storage, we ensure that data is communicated using TLS 1.3.
Monitoring and Control
Bmotik maintains both system and activity security logs. These logs are centralized and monitored by our cybersecurity team.
Availability and Continuity
Availability
bmotik services are deployed in multiple Datacenters in AWS and Azure for high availability and automatic scalability when encountering traffic growth.
Load tests are run before every major release or upgrade.
Eventuality Recovery
Bmotik formally has a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) defined and implemented to allow both people and processes to be supported or maintained in case of crisis or forced operational interruptions, in line with SOC2 II standards.
Data Privacy and GDPR
We believe that all users have the right to know what personal data is collected. The General Data Protection Regulation (GDPR) is a regulation that requires companies to protect the personal data and privacy of European Union (EU) citizens for transactions occurring within EU member states. These practices have been widely adopted as standard in data collection.
Our commitment to customer data integrity and privacy is fundamental to who we are as a company and what we stand for. We continue to monitor GDPR compliance recommendations from privacy-related regulatory agencies and make appropriate enhancements to our third-party product and application agreements. As enhancements are implemented, we will provide you with periodic updates as part of our disclosure process. For more information, please visit our privacy policy.
Applications and Infrastructure
Bmotik's application infrastructure is provided by Amazon Web Services and Microsoft Azure, secure cloud services solutions. Amazon and Azure physical infrastructures have been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate and Sarbanes-Oxley.
All Bmotik applications are subject to recurring third-party security audits to identify any undetected security flaws. We ensure that only authorized employees gain access to our application infrastructure and require strict authentication to gain access. Access to user data is only performed on an as-needed basis and with full disclosure to the customer of individual data accesses in an effort to provide greater transparency, security and support.
