Basecone takes the security and availability of your data very serious and we respect your privacy. This is on top of our mind, day in and day out. There are many procedures and measurements that we have put in place to ensure your data is secure, handled with care and is available for our users.
On this page we tell you more about various topics related to security, availability and privacy. We recommend you to read our Terms and Conditions and Privacy Statement, to get a better understanding and background of our Application(s).
- All our services and all of your data – in production – reside in Amazon Web Services (AWS) facilities in Frankfurt Germany, where we use various ‘zones’ (availability zones) to ensure we are available for you when one of the zones fails.
- All Services of Basecone run in the Cloud. Basecone uses Elastic Load Balancing of AWS to adjust to traffic demands, this means that depending on the demand of https://secure.basecone.com the entry point adjust sizes to fit our customer’s demand. This gives us out of the box security settings like DDoS protection, SSL Security Protocols, Cyphers and Options.
- All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACL’s) that prevent unauthorized requests getting to our internal network.
Automation of build and release
- We have daily releases without downtime and a bi-weekly maintenance window with downtime on a Thursday night, outside business hours. Major builds are released every two weeks and announcedon our status page.
- We have many unit and integration tests in place to ensure Basecone works as expected. These tests are run every time our codebase is updated and even one single test failing will prevent new code being shipped to production.
Our levels of service
All customer data is stored at AWS in Frankfurt, Germany.
Customer data is stored in our database and fileservers, we do not have individual data stores for each customer. However strict privacy controls exist in our application code to ensure data privacy and prevent one customer from accessing other customers data.
We use New Relic and AWS native tools for application, server and service monitoring. Also 3rd parties monitor our endpoints to ensure if a problem arises, we detect it early and advise our customers.
All user activity is and these logs are stored in a separate system and cleaned daily.
We use a Bastion host to log into each server. The IP and login details are stored for traceability.
is part of the Wolters Kluwer company which ensures our application to be internally audited – on a yearly basis – by an independent Security Audit Department. This means they audit our source code, access our control framework, but are also actively engaged during the development process to ensure security at all levels of the application.
Auditing allows us to do ad-hoc security analysis, track changes made to our setup and audit access to every layer of our stack.