Data Security at Felix
OUR APPROACH TO DATA SECURITY
Here at Felix, we have a mission to provide industry-leading tools to help our clients digitise their existing sales and support procedures. Our insurance platform plugs into your existing systems, and let’s you do more with existing resources. In order to provide these services, we must necessarily have access to your data.
Data is everything. It is the lifeline of any modern business, and having this data fall into the wrong hands would be a nightmare. We understand this, and data protection is our top priority while developing the tools and systems that form the Felix platform.
Here at Felix, we know that data security is not just about using the right technical solutions. Data security is a mindset that must be present in the entire organisation, across all levels. This is why we start this report with a focus on the organisational systems we have in place for ensuring our clients’ data is secure.
ORGANISATIONAL DATA SECURITY MEASURES
We strive to be transparent with our customers. Any failures or breaches of our platform will be reported to you as soon as possible, and we will work with you to minimize the impact of such failures and breaches on your business.
Principle of Least Privilege
We follow the principle of least privilege where access of customer data is concerned. Only a handful of trusted top level Felix employees and engineers have unrestricted access to the system and your data.
Every other employee is granted access to our servers and databases in a granular fashion, only having access to parts of our infrastructure that is absolutely necessary for them to perform their jobs.
Consistent Code Reviews
To maintain a high quality and problem free software platform, all code is reviewed by a senior engineer before making it into the production environment.
Multiple Infrastructure Environments
Following industry standards we have multiple environments; all isolated, where we deploy the software platform. There can be multiple testing environments, access to which is given freely to our product development team. However, there is only one production environment, with strict policies on who has access to it.
Customer data is only allowed to exist on the production environment.
This lets us develop quickly without creating artificial roadblocks for our technical teams, while also ensuring security of your data.
Your Data Belongs to You
We know that any data you have on the Felix platform is your property. Which is why we’re making it incredibly simple for people in your organisation with the correct access level to export all your data out of the system.
We believe that you will continue using our platform because it’s the best in the industry, not because you are locked into it. Our data export policy shows our confidence in this belief.
Thorough Testing of All Releases
Everyone makes mistakes once in a while. Which is why we have a dedicated QA team to test any new features before releasing them. Our team of experienced test engineers stress test the system before any feature release, ensuring that no bugs and downtime are introduced into the system on which you run your business.
TECHNICAL DATA SECURITY MEASURES
In addition to making data security a mindset in our organization and enforcing it through the tenets we have mentioned so far, we also take great care to take technical steps that protect your data where it is housed in our servers.
Secure Data Centers
We use an industry leading hosting provider that is audited and certified to be compliant with the most important data safety regulations, including PCI and HIPAA. Our hosting provider is the best in the industry and used by some of the leading financial institutions in the world.
Inside the datacenter, we use a private network to ensure that none of our servers are accessible from the outside except through a few selected mechanisms that are highly secure and audited.
Any outside communication is done through secure bastion servers, NAT servers, and internet gateways. This ensures we have complete control over which servers have access to/from the internet, and the level of access they have.
Firewall Controlled Access to All Servers
Except for two bastion servers and a single load balancer that are in the DMZ, all of our application and database servers are located in a fully private network, locked behind a top grade firewall provided by our industry leading infrastructure provider.
Access to these servers is strictly controlled, available only to our Chief Architect, and needs a highly secure 2048-bit SSH-2 RSA key to login.
Encryption At Rest
All our databases are encrypted using the industry standard AES-256 encryption algorithm. So even if attackers somehow gained access to our data storage, they would not be able to read the data stored there.
The encryption keys are held and managed on another highly secure server provided by our infrastructure provider, ensuring that the encrypted data and encryption keys are kept separate, and thus secure.
We take daily backups of our database, to ensure that even in case of a catastrophic failure, we never lose more than a single day’s data. The backups are encrypted using the same secure technology as our database, ensuring that all copies of your data are safe.
Encryption In Transit
We use industry leading SSL security to ensure that when displaying data all communication between the client applications (browsers, mobile apps) and our servers is encrypted and data cannot be intercepted.
A Database Per Customer
As part of our onboarding process, we create a separate database for each client. This means that your data is fully partitioned into its own database, and no two clients data is ever located in the same space.
This lets us guarantee that your data is for your eyes only and can not be accessed by any other client.
All access to our servers and databases is automatically logged, with detailed information on who logged in, when, from where, etc… This ensures that any unauthorized access is immediately seen and the issue rectified.
We monitor our platform in real time for any availability issues, so we can react quickly to resolve these. Our goal is to fix issues before they have a chance of affecting any users.
12-Factor App Compatibility
We use the best practices laid out in the “The Twelve-Factor App” methodology, which lets us develop a secure, resilient, fault-tolerant, and highly available, application. Following the methodology also let’s us be more agile and develop new features faster in response to client feedback.
All technical decisions at Felix are made inline with our ethos of treating customer data as sacrosanct. We have selected only mature and proven technologies to build our software on, and any new addition to our technology stack is painstakingly debated to ensure our software is kept as secure as our customers expect it to be.
This document contains highlights of our data safety procedures and practices. But there is a lot more that goes into ensuring data safety. We use multiple industry leading security solutions, follow best software development practices, and keep up-to-date with the latest security updates to ensure security and safety of the data you trust us with.
If you, or members of your technical team would like to learn more, we are happy to arrange an onsite meeting with our technical team, where we can have a more detailed look at our infrastructure and security practices.