Security Policy

(Art. 13 D.Lgs. 30 giugno 2003, n. 196  "Codice in materia di protezione dei dati personali")

We respect your privacy and we are committed to protecting all your data and keeping it secure. As you continue to read more about UTOPIA, we recommend that you also review our Terms of Use and the Privacy Policy.

Infrastructure

• All our services work in the cloud. UTOPIA does not manage its own routers, load balancers, DNS servers or physical servers.
• All our services and data are hosted in the Amazon Web Services (AWS) in Europe.
• All our infrastructure is in the AWS/Ireland data center (eu-west-1 availability zone).
• All our servers are within our virtual private cloud (VPC) with network access control lists (ACLs), that prevent the access to unauthorized requests to our internal network.
• UTOPIA uses the MongoDB Atlas backup solution for datastores containing customer data. We make 1 complete snapshot of data every 6 hours and make it available for 4 days. We also make a daily snapshot that we make available for 7 days, a weekly snapshot that we make available for 4 weeks and finally a monthly one that we make available for 12 months.
• Our team implements all the procedures and best practices necessary to achieve and guarantee a 100% system availability rate (SLA).
• However, the guaranteed real up-time is 99.99%. From this %, all the programmed service interruptions for the release of new features, malfunction corrections, and system optimization are excluded.

Data and right to be forgotten

• All customer data is stored in Europe.
• Customer data is stored in a multi-tenant database. We do not have individual databases for each customer. However, there are accurate privacy checks in the application code designed to ensure data privacy and to prevent a customer from accessing data from others. We have written many unit and integration tests to ensure these controls work as intended. These tests are performed every time the code is updated and, even in the case of a single failure, the new code is not released in production.
• The data are the property of the customer who at the end of the contract can, at any time, export them in CSV format.
• UTOPIA guarantees the right to be forgotten. In an autonomous way and without the need for our staff to intervene at any time, customers can destroy their data from our systems (including backup). For security reasons, only the owner of a domain has access to this feature from the Settings menu of his account.

Transfer of data

• All data sent to or from UTOPIA is encrypted during transit using 256-bit encryption.
• Our APIs and application endpoints use only TLS / SSL protocols.

Authentication

• UTOPIA is served 100% on https.
• The authentication is based on a single factor and expects the insertion of a password that respects the following criteria of robustness: minimum 10 alphabetic characters, at least 1 character between! $% &? @ #, a number, and a capital letter

Payment management

• Processing of payments for the purchase of UTOPIA services is performed by Stripe. For more information on Stripe's security practices, see https://stripe.com/docs/security/stripe.