Security
This page summarizes security practices implemented by Senomix.
We are always happy to answer questions. Please contact us with yours.
Service Providers
Senomix uses a number of third-party services to assist system management.
All web sites and customer data servers are hosted by services provided by Linode (a subsidiary of Akamai).
Akamai employs robust security practices at their data centers to ensure all infrastructure is protected. Facilities are monitored 24/7 by on-site personnel, remote video, and numerous automated systems. Security doors restrict points of access through multiple perimeter checks. Each data center is a protected stronghold.
More information about Akamai's security practices can be found here:
https://www.akamai.com/security
Senomix uses Amazon's Simple Email Service (SES) for in-application message delivery. Automated emails for timesheet reminders, on-boarding emails and (if enabled) alerts on timesheet (dis)approval are dispatched through secure and encrypted SES channels.
Web site images are delivered through Amazon's Cloudfront service. Cloudfront ensures rapid image delivery and loading regardless of where a visitor may be connecting from.
More information about Amazon's computer and facilities security can be found here:
https://aws.amazon.com/security
All Senomix email (not including automated SES messages, as covered above) is managed through Fastmail's secure systems.
More information about Fastmail's security practices can be found here:
https://www.fastmail.com/features/security
Our web site data analytics are managed by Fathom, which is a privacy-focused, GDPR-compliant Canadian data analytics service.
Details about Fathom's security practices can be found here: https://usefathom.com/security
Extra information about Fathom's robust EU Isolation GDPR compliance practices is covered here: https://usefathom.com/features/eu-isolation
All online payments are handled by our secure, PCI-certified payment processor, Stripe.
Stripe's security practices can be found here: https://docs.stripe.com/security
Senomix does not receive or store credit card information. Where a credit card prompt links from Senomix to Stripe, the highest levels of encrypted communication are enforced.
Encryption - Communication
All communication between a system user's Senomix account and their computer, phone, or tablet device is encrypted with the highest grade of security provided by modern web browsers and computers.
All internal Senomix traffic for development and system management is also fully encrypted.
Our systems only accept communications using TLS 1.2 (and higher, as new algorithms are introduced) and automatically reject connections that attempt to use less secure encryption algorithms. This applies to the Senomix web site, all user accounts, system dashboards, and reports.
We use HSTS (http://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) to ensure that web browsers can only interact with Senomix over secure HTTPS communications. All non-encrypted channels are blocked. Senomix is also on the HSTS preload list for all modern major web browsers, which further enforces HTTPS-only traffic.
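The two transport controls described above (a TLS 1.2 floor and a preload-eligible HSTS header) can be checked in code. The following is an added example written for this page, not Senomix's own configuration or code: it builds a server TLS context that refuses anything older than TLS 1.2, and it parses a Strict-Transport-Security header and reports which of the public preload list's criteria (max-age of at least one year, includeSubDomains, preload) it fails. The certificate paths and sample header values are assumptions made for the example.

```python
import re
import ssl

# Minimum max-age the public HSTS preload list requires: one year, in seconds.
PRELOAD_MIN_MAX_AGE = 31_536_000


def make_server_tls_context(certfile=None, keyfile=None):
    """Build a server-side TLS context that refuses anything older than TLS 1.2.

    certfile/keyfile are hypothetical paths; load_cert_chain is only called
    when they are supplied, so the function also works in an offline check.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security header value into {directive: value}.

    Directives without a value (includeSubDomains, preload) map to True.
    Directive names are case-insensitive, so they are lower-cased here.
    """
    directives = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') or True
    return directives


def hsts_problems(header_value):
    """Return the reasons a header fails the preload criteria; an empty list means it passes."""
    if header_value is None:
        return ["no Strict-Transport-Security header"]
    problems = []
    d = parse_hsts(header_value)
    max_age = d.get("max-age")
    if max_age is None or max_age is True or not re.fullmatch(r"\d+", str(max_age)):
        problems.append("max-age missing or not an integer")
    elif int(max_age) < PRELOAD_MIN_MAX_AGE:
        problems.append(f"max-age {max_age} is below the one-year preload minimum")
    if "includesubdomains" not in d:
        problems.append("includeSubDomains directive missing")
    if "preload" not in d:
        problems.append("preload directive missing")
    return problems


if __name__ == "__main__":
    # Constructed header values: one that would be accepted for preload, one that would not.
    print(hsts_problems("max-age=63072000; includeSubDomains; preload"))
    print(hsts_problems("max-age=300"))
```

Note that the context built here only sets the protocol floor; cipher-suite selection is left to the library defaults, which a real deployment would review separately.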
Encryption - Data
All customer data is encrypted.
Encrypted files are further secured by storage within encrypted disk partitions.
When data is directed to backup files, those backup files are encrypted when created and remain encrypted while in-transit through secure channels to their secure backup locations.
Data Backup and Recovery
All Senomix servers and associated customer data are secured through robust data backups provided by Akamai.
Redundant, off-site backups of encrypted data are also created on a fixed schedule and secured by Senomix.
At the first level, encrypted data backups are managed by Akamai to provide multiple points of instant restoration in the event of data corruption. If something goes wrong on-site (like a failed hard drive, fried computer, or corrupted systems), Akamai's systems automatically switch to new hardware without any service interruption.
At the next level, regularly scheduled data backups are kept encrypted and secure on internal Akamai systems. In the event of damaging hardware failure (for example, a fire destroying a computer rack), those backups can be used to restore a Senomix account within the hour.
Finally, encrypted data backups are securely stored in offline, air-gapped storage media to ensure catastrophic hardware failure (for example, an earthquake that reduces an entire data center to rubble) can be recovered from within a day.
Secure, off-site storage of encrypted customer data is retained for a period of two years, after which time the encrypted data is deleted.
Data backups are tested to ensure full system restoration is possible from any given point.
System Locations
Managed system servers are located in the closest region available to an account's users. Often, a hosted server will be located in the same nation or state/province as the customer employees it serves.
Encrypted off-site data backups are securely stored in Toronto, Canada.
EU Data Isolation
EU Isolation ensures that all your Senomix system data is processed entirely within the European Union and never reaches servers located in the United States.
EU Isolation is an option available to all Senomix customers.
If an organization requires that system data be managed only within certain regions (for example, a U.K. company with data held only within the U.K.), Senomix ensures that a system server's physical location and data management complies with those requirements.
GDPR Compliance and Privacy Policy
Senomix is GDPR-compliant.
Further details about how we fulfil GDPR can be found here:
https://www.senomix.com/general-data-protection-regulation
Senomix's privacy policy can be found here:
https://www.senomix.com/privacy-policy
Senomix Software is a privately held corporation located in Toronto, Ontario, Canada. As such, we are held accountable to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), about which you can read more at the site of the Office of the Privacy Commissioner of Canada, here: http://www.priv.gc.ca
Passwords and Authentication
All Senomix account passwords are one-way hashed using the most secure algorithms available. Additional security is provided by using a unique algorithmic salt for each password.
In plain English: when a password is hashed, it is turned into a large jumble of letters and numbers that cannot be 'reverse engineered' to determine its source text. When an entered password is checked for validity, the same hashing algorithm and unique salt are used to create a fresh jumble of characters from that entered password. That jumble is then compared against the stored jumble and, if both match, the password is confirmed valid.
Passwords stored by Senomix cannot be converted back to readable text (we can't read your password, either). A password can be reset (either within your Senomix applications, or through the sign-in page password reset process via secure email) but a password can never be read from Senomix authentication files.
If password authentication fails after a number of attempts, a system user account is temporarily blocked for a half-hour. That 'cool-down' period makes it impossible for an external party to brute-force their way into a customer account using generated password attempts.
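The salted one-way hashing described in the Passwords and Authentication section, together with the failed-attempt cool-down above, can be shown end to end in a small authentication routine. The code below is an added example written for this page, not Senomix's own implementation: it uses PBKDF2-HMAC-SHA256 with a random per-password salt and a constant-time comparison, and it tracks failed sign-ins per account so that a run of failures locks the account for thirty minutes. The failure threshold (five attempts) and the iteration count are assumptions made for the example; the page only says "a number of attempts".

```python
import hashlib
import hmac
import os
import time

# Example parameters (assumptions): a production deployment would tune these
# to current password-storage guidance for its hardware.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
MAX_FAILED_ATTEMPTS = 5       # assumed threshold; the page does not state one
LOCKOUT_SECONDS = 30 * 60     # the half-hour cool-down described on the page


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh random salt is generated for each new password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Re-hash the entered password with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


class AccountStore:
    """In-memory user store with a per-account failed-attempt lockout (constructed for this example)."""

    def __init__(self, clock=time.time):
        self._users = {}      # username -> {"salt", "digest", "failures", "locked_until"}
        self._clock = clock   # injectable so the lockout window can be tested without waiting

    def register(self, username, password):
        salt, digest = hash_password(password)
        self._users[username] = {"salt": salt, "digest": digest,
                                 "failures": 0, "locked_until": 0.0}

    def is_locked(self, username):
        user = self._users.get(username)
        return user is not None and self._clock() < user["locked_until"]

    def authenticate(self, username, password):
        """Return 'ok', 'locked' or 'denied'. Failures count toward the lockout; a success resets them."""
        user = self._users.get(username)
        if user is None:
            # Unknown user: still compute a hash so response time does not reveal which names exist.
            hash_password(password)
            return "denied"
        if self._clock() < user["locked_until"]:
            return "locked"
        if verify_password(password, user["salt"], user["digest"]):
            user["failures"] = 0
            return "ok"
        user["failures"] += 1
        if user["failures"] >= MAX_FAILED_ATTEMPTS:
            user["locked_until"] = self._clock() + LOCKOUT_SECONDS
            user["failures"] = 0
        return "denied"


if __name__ == "__main__":
    store = AccountStore()
    store.register("alice", "correct horse battery staple")   # constructed credentials
    print(store.authenticate("alice", "correct horse battery staple"))  # ok
    for _ in range(MAX_FAILED_ATTEMPTS):
        store.authenticate("alice", "wrong guess")
    print(store.is_locked("alice"))  # True
```

The store keeps only the salt and digest, so nothing in it can be turned back into the password; a reset simply replaces both values. The lockout check runs before any hashing so a locked account costs the server nothing per attempt.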
Senomix allows use of Security Assertion Markup Language (SAML) Single Sign-On systems, which lets a business use their own third-party authentication system (Microsoft Entra ID / Active Directory, OneLogin, PingIdentity, etc.) to control user authentication.
For an additional level of security, user accounts can be secured using two-factor authentication (2FA) that generates a unique code on each sign-in that can be confirmed using a business's choice of authentication tool. We recommend using Authy (https://www.authy.com) to manage 2FA codes. Authy allows an individual to easily share the same authenticator across devices. So, the next time you upgrade your phone, you can easily transfer your security codes in one step.
Other Notable Security Measures
Access to our systems infrastructure and customer personal data is restricted.
All customer personal details (such as your name and address) are considered confidential. Non-management employees and contractors do not have access to customer details. Our support staff are only granted access to your email and full name to assist with support requests you initiate.
Confidentiality obligations bind all employees, contractors, and agents.
We run multiple firewalls to protect from Distributed Denial of Service (DDoS) and spam attacks.
We use external monitoring of systems to ensure we are notified in the event of a service issue. Most issues are resolved by our managed service providers before there is any possibility of service interruption.
Have Questions?
We are always happy to help. If you have any questions, please feel free to contact us with yours.
