Security FAQ
We take security seriously at Evalmee
Written By Florian Barral
Last updated about 2 months ago
The short answer:
We take security seriously at Evalmee - we're fully GDPR compliant. Keeping your information safe and respecting your privacy rights is super important to us.
Where is Evalmee hosted?
We are hosted on cloud providers such as Scaleway (France) and AWS France (France). Our hosts provide strict security measures on the infrastructures and are compatible with many certifications that you can find on their respective websites:
Is customer data encrypted?
Yes, all customer data is encrypted at rest and in transit:
In transit: We use HTTPS (TLS 1.2 / TLS 1.3) to encrypt all traffic served to end-users.
At rest: Sensitive data is encrypted at rest (AES-256), or hashed, in accordance with industry standards.
What other 3rd-party services process data?
We only share your data with certain companies that help us make our services better for you. You can see the full list of our subprocessors from here.
How well is Evalmee protected against common web application vulnerabilities?
Our infrastructure includes the following protections:
All services run behind Cloudflare, which provides built-in DDoS protection and rate limiting
All traffic is served over HTTPS
Our infrastructure is distributed across multiple zones and is secured through:
The use of virtual private networks (VPC)
A firewall that controls incoming and outgoing network traffic
Access to servers is limited to authorized members of the Evalmee team and uses username and key authentication, which eliminates "brute force" attacks on passwords
Evalmee is automatically notified of vulnerabilities discovered in the software components it uses, so that necessary updates can be applied quickly
All our team members are well-versed in common web application vulnerabilities and we always design our systems and code with a defense-in-depth approach
In short, we follow OWASP best practices and regularly review our infrastructure and code for vulnerabilities.
Data Processing Agreement (DPA)
We offer a comprehensive Data Processing Agreement (DPA) that clearly outlines the responsibilities and obligations in data processing, aligning with GDPR standards.
For a signed version, please reach out to support@evalmee.com.
Is Evalmee GDPR compliant?
Yes, Evalmee is fully GDPR compliant. Keeping your personal information safe and respecting your privacy rights is super important to us.
We are deeply committed to the protection of personal data and ensuring compliance with the General Data Protection Regulation (GDPR).
If you want to know more about your data, change something, or even ask us to delete it, we're here for you. You can chat with us live on our website or email support@evalmee.com.