Data security
The Security of Your Data: Our Priority
At Sellsy, we are fully aware of the importance of your data in managing your business. In most cases, your data, such as your customer database, is even what gives your business its value.
To ensure the highest possible level of security, we have chosen from the outset to use high-quality hosting on our own machines and to guarantee you high availability combined with impeccable security.
Data Hosted in France
Your data is stored on our own servers, hosted within Scaleway's infrastructure.
Sellsy selected Scaleway because it is one of the leading providers in Europe for hosting and managing critical applications, and it complies with ISO/IEC 27001 standards.
List of their certifications: https://www.scaleway.com/fr/securite-et-resilience/
The average PUE (Power Usage Effectiveness) of their data centers in 2023 is 1.37.
Security control of the servers and updates to our operating software are carried out in real time.
Our control over our technical infrastructure allows us to manage the confidentiality of your data, which never leaves our machines without your explicit consent. Our production infrastructure is located in the Paris region, under French jurisdiction.
Prevention of Cyber Intrusions
The application security of your data is ensured by a Web Application Firewall (WAF) and a SIEM system, managed by an external SOC team. The SIEM analyzes all security-related events and triggers automated alerts in case of a security incident, followed by the convening of a crisis management team.
Security of Access to Your Data
Access management is based on the principle of "least privilege":
- Access to production environments is managed solely by the technical department.
- Access to client accounts is only possible with the consent of the client, who must explicitly approve the access request submitted online by Sellsy support.
- All connections and actions are logged. Access rights are systematically reviewed when an employee leaves or changes job, to ensure that the rights/permissions are either disabled or verified according to the individual's new responsibilities.
Access to data is restricted to authorized personnel, under defined conditions, and governed by a strict access control policy. A named list of employees and associated privileges is maintained and regularly updated.
An annual review of permissions ensures that profiles evolve according to each individual's responsibilities.
Data Segregation
To guarantee maximum data security, we apply a strict principle of data segregation. Each client has their own database, physically separated from other clients' databases. This separation ensures that each client’s data is completely isolated and cannot be viewed or modified by another client. This data management model enhances confidentiality and integrity, ensuring that each client has exclusive and secure access to their data.
Daily Backups of Your Data
Our databases are hosted on redundant servers.
A backup of all databases is performed every night, with a 30-day rolling history, so your data is safe and can be recovered in the event of a technical or hardware failure.
Data Encryption
All production data and associated backups are encrypted at rest.
Certain data (passwords, API tokens) are encrypted at rest using a service based on a Hardware Security Module (HSM).
Data transfers are encrypted using the TLS v1.3 protocol. This is an essential security measure that prevents unauthorized users from accessing data in transit.