Yes, and it is tested yearly.
Yes, and it is tested yearly.
Click the link to read about all of Safeture’s Data Protection Measures:
If you have received the service through your employer then the employer is the data controller. If you have purchased the service as a consumer directly from Safeture then Safeture is the data controller.
The data processor is Safeture AB and the processing of data is conducted in Sweden.
All data sent to or from Safeture is encrypted in transit using HTTPS/TLS1.2+. Our API and application endpoints are minimum TLS1.2 and score an “A+” rating on Qualys SSL Labs‘ tests. This ensures we only use strong and correct cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.
Yes, two-factor authentication is enabled by default and is enforced on Administrators unless Single Sign-on (SSO) is enabled. The 2FA-code can be provided to the Safeture Mobile Application through push notifications, by e-mail and/or by SMS (default).
We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on all hosting services to ensure protected access.
Safeture uses the PBKDF2 (Password-Based Key Derivation Function 2) function to generate password hashes and enforces a complex password standard (minimum 10 letters, at least one capital letter, at least one lower case letter, and at least one number). This only applies to clients who do not have SSO enabled. Password hashes are not stored in the Safeture database for customers that use SSO.
Two-factor authentication is enabled by default and is enforced on Administrators unless SSO is enabled. The 2FA-code can be provided to the Safeture Mobile Application through push notifications, by e-mail and/or by SMS (default).
Data is deleted after 3, 6, 12, and 18 months, depending on the sensitivity of the data.
Safeture uses Fortlax and AddPro data centers, both of which are ISO/IEC 27001:2013 certified. The data and services are hosted in Sweden and are not subject to the US Cloud Act.
Safeture has built its Information Security Management System based on the ISO/IEC 27002:2013 controls to ensure the best practice protection controls are implemented based on industry standards and we are compliant with applicable local, federal and state regulations, as well as industry standards.These policies are updated frequently and communicated to all employees.
Yes. Twice a year we engage alternating independent third-party security experts to perform detailed penetration tests on the Safeture Platform and network, and full source code reviews. Customers are also encouraged to perform their own independent penetration tests.
Safeture (founded in 2009) is a Software as a Service (SaaS) company based in Sweden. The company offers a complete platform designed to handle safety and risks for employees, wherever they are.
Through world-leading technology and innovative solutions, Safeture helps risk management- and assistance providers secure their clients, global companies, and organizations to protect what matters most – their people.
The Safeture share is listed on NASDAQ First North Growth Market Stockholm (ticker: SFTR). Erik Penser Bank AB is the Certified Adviser.