Security Policy

Last updated on: June 15, 2021

We take all reasonable steps to keep secure any information that we hold about you. Here is a summary of what we do to guarantee your data is safe with Wesurance.

Backups / Disaster Recovery

  • Backups are replicated every day in the same data centers in order to meet Disaster Recovery objectives.

  • Wesurance will keep a full backup of each deactivated account for up to 12 months.

Database Security

  • All data related to your customer is stored in a dedicated database and converted into unrecognisable code using industry-standard data encryption.

  • Data access control rules implement complete isolation between customer databases running on the same cluster; no access is possible from one database to another.

Password Security

  • Customer passwords are protected within Amazon Cognito and are encrypted at rest in accordance with industry standards.

  • Wesurance staff do not have access to your password and cannot retrieve it for you; the only option if you lose it is to reset it.

  • Login credentials are always transmitted securely over HTTPS.

Staff Access

  • Wesurance helpdesk staff and engineers may sign in to your account to access settings related to your support issue in a limited and reasonable manner. For this, they use their own special staff credentials, not your password (which they have no way to know).

  • Our Helpdesk staff strive to respect your privacy as much as possible and only access the files and settings needed to diagnose and resolve your issue.

System Security

  • All servers run in the Amazon AWS cloud on a Linux base with up-to-date security patches.

  • Installations are ad-hoc and minimal to limit the number of services that could contain vulnerabilities (no PHP/MySQL stack, for example).

  • Only a few trusted Wesurance engineers have clearance to remotely manage the servers, and access is only possible using an encrypted personal SSH keypair from a computer with full-disk encryption.

Physical Data Location

  • The servers are hosted in trusted data centers in various regions of the world (e.g. MongoDB, AWS). The region should be the one closest to where you are based, and you can request a change of region (subject to availability).

Credit Card Safety

  • We never store your credit card information in our systems.

  • Your credit card information is always transmitted securely and directly between you and our PCI-Compliant payment acquirers. (Please refer to our Privacy Policy page.)

Communications

  • All data communications to client instances are protected with state-of-the-art TLS 1.2 SSL encryption (HTTPS).

  • All internal data communications between our servers are also protected with state-of-the-art encryption (SSH).

  • Our servers are kept under a strict security watch and are always patched against the latest SSL vulnerabilities, enjoying Grade A SSL ratings at all times.

  • All our SSL certificates use a robust 2048-bit modulus with full SHA-2 certificate chains.

Network Defense

  • All data center providers used by Wesurance have very large network capacities, and have designed their infrastructure to withstand the largest Distributed Denial of Service (DDoS) attacks. Their automatic and manual mitigation systems can detect and divert attack traffic at the edge of their multi-continental networks, before it gets the chance to disrupt service availability.

  • Firewalls and intrusion prevention systems on the Wesurance platform help detect and block threats such as brute-force password attacks.