ValPlan is engineered to protect your data. Gilb International AS and RSBA Technology Ltd. have a defined procedure for data handling. Gilb International AS and RSBA Technology Ltd. do not access your data without prior written consent.
The ValPlan.net system database is run and managed by IBM Compose (Ref 1), which provides a fully - managed Database - As - A Service platform. All Compose Hosted and Compose Enterprise deployments have encryption at rest. All of Compose's servers have volume-level encryption enabled. For full details of the Compose.io terms of service, encryption and other security related policies, please see Ref.2.
All user content is stored in a shared Compose.io - managed MongoDB database (v3.6.15) hosted in EU regions of the Amazon Web Services ("AWS") platform (see Ref 3). User content can also be found in database backups; for more information on how Compose manages backups, see Ref 4.
(** New 5 April 2020) Access to the database is encrypted on the wire using SSL (Compose.io use Let's Encrypt certificates - see ref 12). Database access is restricted to a set of whitelisted Meteor Galaxy IP addresses (Ref. 13),
To access the Compose.io administrator console, authorized and trained employees and suppliers authenticate using unique strong passwords and 2-factor authentication (see Ref. 5). Compose does not enable direct access to the servers or MongoDB database. For more information on the Compose MongoDB Data Browser, see Ref. 6
The ValPlan.net application is written using the MeteorJS framework (Ref. 7). The application servers are run and managed by Meteor Galaxy, a fully - managed plaform-as-a-service for running MeteorJS applications (see Ref. 8). The service does not provide direct access to production servers or infrastructure.
Application servers are hosted in EU regions of the AWS EC2 platform, in the same datacenter as the system database.
All traffic between end-user browsers and REST API endpoints and the ValPlan servers are encrypted using AES128bit SSL with Let's Encrypt certificates (see Ref 9).
For more information on Meteor Galaxy security and systems policy, please refer to Ref. 10.
ValPlan requires users to log in using a password, which is encrypted using industry-standard bcrypt algorithm (see Ref 11). ValPlan requires a minimum of 8 characters. Passwords are stored in a hashed form and will never be sent via email—upon account creation and password reset, ValPlan will send a link to the email associated with the account that will enable the user to create a new password.
Access to the database is encrypted on the wire using SSL (Compose.io use Let's Encrypt certificates - see ref 12). Database access is restricted to a set of whitelisted Meteor Galaxy IP addresses (Ref. 13),
2020-03-10 Created Document