Encryption of data
Sensitive data stored in Falcon's corporate network is encrypted with AES-256. This applies to all types of stored personal information such as first and last names, email addresses, activities or measures. Key management is exclusively under the control of Nordantech. All of Falcon's encrypted values are signed using a message authentication code (MAC) so that their underlying value cannot be modified or tampered with once encrypted.
Encryption of data traffic
Falcon uses the latest encryption technology to encrypt traffic in transit, using the TLS 1.3 protocol, AES-256 encryption, and SHA-256 signatures. The key exchange is secured using RSA-2048 encryption. Mail dispatch is also encrypted using opportunistic TLS.
Backups at different locations
All data is stored redundantly and encrypted in high-security data centers. Automatic online backups prevent data loss in exceptional situations such as hardware failure or natural disasters.
ISO certified data centers
All data centers are ISO 27001 certified and provide the world's leading security standard. Data centers are protected by security guards, video surveillance, alarm systems, emergency power, security protocols, authentication rules, etc. 24 hours a day, 365 days a year.
Server in Germany
All Nordantech servers are located in Germany. Falcon thus meets the requirements of the Federal Data Protection Act and the EU General Data Protection Regulation (GDPR).
Nordantech divides its systems into separate networks to better protect sensitive data. Systems that support testing and development activities are hosted on a network separate from the application systems. Network access to Falcon's production environment from open networks is limited.
System status always visible
To build trust with our customers and partners, the Falcon status page shows the availability of the software and all distributed systems over the last 12 hours, 7 days, 30 days and the whole year.
Resistance to attacks and 2FA
IDS and IPS monitor all networks and systems for malicious activity and scan suspicious content. Heuristics-based network flow monitoring and integrated mitigation of the most common DDoS attacks ensure that IT systems are resilient to attacks. With two-step confirmation by sending a HOTP via SMS, user accounts can be additionally secured in case unauthorized persons get hold of a password.
Notifications of unusual logins
The security of user accounts is enhanced by email notifications sent when logging in from an unknown device or Internet browser. These messages tell you from which device someone tried to log in and where the device is located. This allows Falcon users to respond immediately to suspicious logins. For security reasons, logins via new devices or new locations must always be confirmed with a confirmation code.
Nordantech and the GDPR
For Nordantech, security and privacy are of paramount importance. Our customers attach great importance to the following questions, which we answer here.
Are my data secure in Falcon?
Nordantech uses a variety of methods to protect your information. We are committed to ensuring that our infrastructure is resilient, protected against data loss, and not accessible to third parties. All data is stored encrypted using AES-256 and transmitted over secure connections. We are proud to exceed industry standards when it comes to protecting your business. Many of our security procedures are described in more detail at the top of this page.
Where are Nordantech and Falcon servers located?
For the operation of Falcon we only use our own servers in the German data center (Frankfurt) of our provider Amazon Web Services. The data is stored encrypted using AES-256 within our own private cloud (VPC) and is not accessible to third parties. Additional servers within the EU are also used for the active connection between front end and back end. A current overview of all subcontracting relationships can be found here.
Who owns the data transmitted to Falcon?
As a customer, you own and control all content transmitted to Falcon. We thus process your data on your behalf. Your data will not be used or further processed for other types of use beyond the scope of your order. All further information on the handling of your data can be found in our current data protection policy.
Does Nordantech retain my data after the end of its use?
The default setting is that all data is retained as long as a Falcon hub exists. All test hubs are automatically deactivated after 30 days and released for deletion after a further 3 months. The automatic deletion permanently deletes all data that has been released for deletion for at least 3 months. For paid hubs, the situation is different after deactivation: for security reasons, these hubs are archived for an indefinite period of time and are retained until you as the customer actively request deletion.
What export and security options are available to me?
All administrators can export all hub data (profiles, schedule, effects, status) at any time. Each export is accompanied by an email with a download link and the location information of the requesting user. The download is then possible for 3 days. After this period the export file will be deleted.
Does Nordantech conclude contracts for order data processing?
Of course, we have a standard order data processing agreement (a so-called ADV contract). This can be concluded at any time. If required, simply contact us personally.