Your data is secure with PRIOFY

Crafted and hosted in Germany

Priofy is the result of the dedicated efforts of our skilled team, boasting a track record of reliability, and they operate exclusively from our German headquarters. Our production systems and customer data find their secure abode within the confines of data centres located in Germany, courtesy of the Open Telekom Cloud (OTC).

Infrastructure security

At Priofy, we prioritise the utmost security for our infrastructure. To achieve this, we have chosen to host our platform with the Open Telekom Cloud (OTC), renowned as one of the world's most secure and cutting-edge cloud data centres. OTC operates within Deutsche Telekom's highly secure twin-core data centres located in Magdeburg and Biere, Germany, ensuring data backup and safeguarding.

Our commitment to security is further demonstrated by our rigorous adherence to regulations and certifications. OTC undergoes regular assessments by independent institutions, holding certifications that comply with the latest security and data protection standards, including TISAX, Trusted Cloud, ISO 14001, ISO 22301, ISO 9001, ISO 20000, ISO 27001, ISO 27017, ISO 27018, CSA Star Level 2, TÜV Trusted Cloud Service, and TCDP version 1.0. For detailed information, please visit: OTC Security.

Ferri Abolhassan, Director of T-Systems’ IT Division responsible for Telekom Security, affirms, "Companies find what they are looking for in Biere: the highest level of security and reliability coupled with strict German data protection – an unbeatable combination."

OTC's data processing strictly adheres to the German data protection act and is GDPR-compliant, certified in accordance with the Trusted Cloud Data Protection Profile (TCDP) 1.0. For more insights, please visit: Data Protection and Compliance.

Data segregation and confidentiality

At Priofy, we take data segregation and confidentiality with the utmost seriousness. Our production systems, databases, and networks are not only physically but also logically separated from our enterprise infrastructure. Additionally, we enforce logical separation of customer accounts at the data layer.

To ensure the highest level of security, we have stringent access policies for our employees. Access to customer data is considered a last resort measure, strictly controlled, and meticulously logged. Such access is granted only to a select few employees and is technically and legally limited. This access is maintained to provide the highest quality customer support under stringent confidentiality conditions, always supervised by senior management.

Our employees are required to utilise secure authentication based on their identity and restricted according to their role within the company, adhering to the principle of least privilege.

Furthermore, our employees receive comprehensive training on data protection and are legally bound to non-disclosure agreements. The security workgroup assesses employee access levels considering factors such as experience, responsibilities, and internal risk assessments. This approach ensures that our customers' data remains confidential and secure at all times.

Software development security

Priofy places a paramount focus on the security of our software development process. Our software architecture and release cycle are meticulously designed to fortify our defenses against potential security breaches.

To maintain strict control over our codebase, PRIOFY employs a version control system that tracks any modifications. Any alterations to the architecture or code must adhere to our internal coding principles, security policies, and the industry's best practices for security. Before being released into the production environment, these changes undergo a rigorous evaluation process, including review on a staging server and a battery of manual and automated tests. Furthermore, our development advisory team conducts source code reviews at regular intervals to ensure the highest level of security.

Our release schedules are strategically planned to minimise disruption, typically occurring outside of standard European business hours during planned downtime windows. However, in cases of urgency, we can expedite changes, such as security patches, to address critical needs promptly. At PRIOFY, we spare no effort to guarantee the security and integrity of our software development process.

User authentication

In Priofy, every individual is assigned a distinct account linked to a confirmed business email. The platform mandates that users establish passwords that comply with stringent security policies, encompassing aspects like complexity, non-reuse, and expiration rules. For enhanced security, passwords undergo a process of hashing and salting, aligning with top industry standards. To further safeguard PRIOFY accounts, we offer the option of 2-Factor Authentication. The system meticulously monitors and records each user's session and IP address, providing options for detailed audits or session revocations by the user. Additionally, there is a set upper limit on the duration of user sessions.

Detailed access management

In our system, client administrators and managers are responsible for managing user access within their accounts. They can finely tune access rights using a detailed and hierarchical permissions system. This setup enables administrators to specifically tailor the access level for individual users or groups across various project stages. Additionally, project managers have the authority to further refine these permissions as needed.

Access to a project is exclusively granted to users who receive an invitation from someone with the necessary permissions. The scope of access varies significantly, encompassing complete administrative rights for the project, to permissions that allow reading, editing, or managing specific sections or elements, down to read-only access.

Data encryption

Priofy ensures the security of all data, whether in transit or at rest, by employing widely recognised encryption standards such as Transport Layer Security (TLS) and Advanced Encryption Standard (AES). For the transfer of customer data, whether it's between our data center locations or from our data centres to user devices, AES encryption is consistently utilised. Additionally, when users upload files to PRIOFY servers, each file is automatically encrypted using AES 256-bit encryption with unique keys for each file. To further enhance security, these encryption keys are safeguarded in a dedicated key vault. This vault is an isolated database, strategically separated from the primary file storage system.

Data redundancy, backup, and recovery

Priofy employs a robust data protection strategy that includes almost instantaneous replication of databases. This approach guarantees the security and availability of customer data, which is duplicated across multiple servers. These servers are not only redundant but also geographically dispersed within Germany, enhancing data safety. Data transfer between these servers occurs over Priofy's private network, independent of the public internet.

To further bolster data security, Priofy conducts a comprehensive backup of data every day. This backup is encrypted and stored in a separate environment from the main servers, providing an additional layer of fault tolerance. In case of an emergency, this system enables the restoration of historical customer data. Moreover, in the rare event of multiple server failures, significant disruptions, or catastrophic events, PRIOFY is prepared to restore the entire production system from our disaster recovery site. This site includes a continuously updated standby database system, ensuring minimal disruption and maximum data integrity.

Action traceability, content, and document recovery

Priofy's Activity Tracker meticulously records every update and action throughout the entire span of a project. This log includes comprehensive details such as the identity of the user and precise timestamps, ensuring complete control and traceability at all times.

In instances where a user removes project items, files, or folders from the workspace, Priofy doesn't permanently delete them. Instead, these items are moved to a dedicated recycle bin. This allows client administrators and managers to securely retrieve any deleted items from the project's recycle bin for a period of 120 days following their deletion.

Priofy also features an advanced document versioning system. This system automatically archives a history of all previous versions of a document, enabling you to revert to any of these versions within a 30-day window. For those requiring more extensive historical data, Priofy offers an option for unlimited version history on a per-document basis.

Commitment to privacy and GDPR

Priofy rigorously adheres to European and German laws to safeguard user privacy and data. Compliance with the EU's General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) is a legal requirement for organizations in Germany and the EU. This also extends to entities outside the EU that process personal data of individuals residing within the EU. These regulations are designed to enhance the security, transparency, and control users have over their personal data online, a principle that aligns perfectly with our values.

Our services, in which we function as a data processor, are certified under GDPR/BDSG standards. We have implemented procedures to ensure adherence to your rights regarding data erasure, rectification, portability, access, the right to be forgotten, and restriction. In compliance with Article 30 of the GDPR, we maintain a personal data registry. This registry details the types of personal data we handle, including where it is stored, maintained, and processed, the data flow, the responsible parties, and the data retention periods. For detailed information, please refer to our Privacy Policy.

Availability and reliability (99.9% uptime)

At Priofy, our goal is to maintain an exceptional level of service availability, exceeding 99.9% uptime across all our services. We schedule maintenance activities strategically to occur outside of standard European business hours to minimise disruption. Throughout our years of continuous operation, PRIOFY has consistently achieved or surpassed this 99.9% uptime target. The majority of updates and maintenance tasks for our production systems are designed to be executed without any downtime.

Our production systems are hosted on the Open Telekom Cloud (OTC), ensuring robust and reliable service. We have implemented multiple redundant systems within OTC to safeguard against any single point of failure. The OTC boasts a data availability guarantee of up to 99.999 percent, aligning with Tier 3+ security standards. We maintain transparency in our service availability, which is monitored externally and published for our users' reference.

Monitoring

Priofy's dedicated in-house operations team vigilantly monitors application performance and security 24/7. We proactively test for potential intrusions and attacks to ensure the highest level of safety. An advanced Intrusion Detection System (IDS) is in place, equipped with alert mechanisms to notify us of any unusual or suspicious activities.

To bolster our response to potential incidents and facilitate thorough root cause analysis, system and network logs are securely transferred to off-site locations. Our team keeps a close watch on all common vulnerabilities and exposures (CVEs) relevant to our environment. In cases of critical vulnerabilities, we are committed to implementing patches typically within a 24-hour timeframe.

Priofy employs a multifaceted approach to identify security vulnerabilities. This includes automated scanning processes, comprehensive penetration testing, and collaboration with third-party security experts. Together, these measures form a robust security framework, ensuring the safety and integrity of our application.

Sustained business continuity and trust

Over the past decade, Priofy has established a solid reputation and earned the trust of a diverse customer base. Since our inception in 2008, we have experienced consistent growth and success. Our platform is utilised by thousands of users and organisations, including hundreds who have demonstrated their confidence in our services through long-term subscriptions.

This track record of stability and growth underscores our commitment to providing reliable services. We are not only dedicated but also financially robust, ensuring that we can continue to deliver our services effectively over the coming decade.