Security
We take your data security very seriously. All necessary measures are put in place to go above and beyond industry expectations and requirements.
General Compliance
Data Hosting
Data is hosted with Amazon Web Service (AWS) in Montreal. For more information on our supplier’s security processes, visit AWS Compliance.
Encryption at Rest
All data is encrypted at rest. Encryption algorithms such as AES-256 and Eksblowfish are used.
Encryption in Transit
All data is encrypted in transit with TLS/SSL.
Vulnerability Scanning
We have several vulnerability scanning processes. From the quality control process through to final delivery. Vulnerability scanning tools such as AWS Security Hub, AWS Detective, AWS GuardDuty are in place to monitor the infrastructures.
Incident Response
Response and resolution times are relative to the criticality level of the vulnerability found. This includes escalation procedures, rapid mitigation and communication.
Penetration Tests
Automatic penetration tests are carried out regularly, along with analyses of SSL certificates, server configurations and outdated technologies, to protect against the top 10 vulnerabilities established by OWASP.
Protection Against Intrusion
Our web applications are protected by AWS Web Application Firewall. This service protects us against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.
Technology Updates
In order to eliminate security vulnerabilities, improve the platform's features and enhance support for new devices, the latest operating systems and web browsers will be supported.
Logging and Monitoring
We actively monitor various cloud services used by the platform.
Security Standard
We work actively to comply with security best practices, like OWASP’s ASVS V4.0 d’OWASP.
Data Continuity and Disaster Recovery
We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We use monitoring services to alert the team in the event of any failure affecting users.
Confidentiality
All team members are required to sign and adhere to an industry-standard confidentiality agreement before their first day of work.
Background Checks
We conduct background checks on all team members in accordance with local laws.
Access Security
Permissions and Authentication
Access to cloud infrastructure and other sensitive tools is restricted to authorized employees who require it for their roles. Where appropriate, we have single sign-on (SSO), 2-factor authentication (2FA) and strong password policies to ensure that access to cloud services is protected.
Least Privilege Access Control
We apply the principle of least privilege when it comes to identity and access management.
Password Managers
All company-issued laptops use a password manager for team members to manage passwords and maintain password complexity.
Cyber Risk Insurance
Optania is protected by cyber risk insurance.
Protection of personal information
At Optania, the protection of personal data and respect for privacy is at the heart of everything we do. In addition to our privacy policy, which is published on the websites and mobile applications of our various products, we have appointed a person responsible for the protection of personal data.
Responsible for personal information
- Optania Éducation Inc.
- 284 Rue de l'Hôtel de Ville
- Saguenay, QC (G7H 1R7)
- Canada
- E-mail: prp@optania.com
Third Party Service Providers
To obtain support with the delivery, maintenance, protection and improvement of our services, Psylio shares information with a small group of trusted partners, suppliers and organizations to be processed on our behalf and in accordance with our instructions, privacy policies and any privacy, security or other requirements. These companies only have access to the information necessary to provide the intended services to Psylio.
The first table below shows the third-party service providers that Psylio uses for its product, how Psylio uses their applications, and the information that is shared with or collected by these providers. The second table contains the same information, but for the providers used in our operational activities.
This list may change over time, and we will strive to keep it up to date. If you have any questions, please contact us at support@psylio.com.
Third Party Service Providers for the Psylio Product
| Name | Link to their Privacy Policy | How is the provider's service used? | Data collected by these partners or shared between them and Psylio |
|---|---|---|---|
| Amazon Web Services | https://aws.amazon.com/fr/agreement/ | AWS provides Psylio with servers and document storage. | All content uploaded by users (files, images) is hosted by AWS. The application code is hosted on AWS servers. All user data and product events are stored here. All personal data written is encrypted at rest and the transfer is also encrypted. |
| Bugsnag | https://docs.bugsnag.com/legal/privacy-policy/ | Bugsnag allows us to track errors and anomalies on our servers. | User-level production of server logs and product event logs. |
| CookieYes | https://www.cookieyes.com/privacy-policy/ | CookieYes manages cookie consent in compliance. | CookieYes records user consent for the various cookies present in Psylio. |
| Google Analytics | https://policies.google.com/privacy?hl=en-CA | Google Analytics allows us to manage and monitor user interactions. | Psylio records user event data in Google Analytics to better understand their behaviour. |
| Google reCAPTCHA | https://policies.google.com/privacy?hl=en-CA | Google reCAPTCHA protects our website from fraud and abuse. | Google reCAPTCHA verifies requests with a score to block. |
| Oh Dear | https://ohdear.app/privacy | Ohdear provides real-time status updates for our web applications. | Psylio service status information. |
| Postmark | https://postmarkapp.com/privacy-policy | Postmark allows us to send updates by email. | Email addresses and other associated user-level data (e.g., name). |
| Sendgrid | https://www.twilio.com/legal/privacy | SendGrid allows us to send updates by email. | Email addresses and other associated user-level data (e.g., name). |
| Sentry | https://sentry.io/privacy/ | Sentry allows us to monitor and view our servers’ performance. | User-level production of server logs and product event logs. |
| Stripe | https://stripe.com/en-ca/privacy | We use Stripe to process online payments. | Billing information, name and address of the customer purchasing the product, type of sale, sale amount, method of payment and payment details (credit card information). |
| Zoho Desk | https://www.zoho.com/privacy.html | Zoho allows us to organize and respond to support requests. It also allows us to manage the knowledge base. | As part of the process of responding to support requests, Psylio provides Zoho Desk with the email address of teachers who submit a request and the content of these requests (e.g. bug reports). Users can also provide information directly to Zoho Desk while their support request is being responded to and while they communicate with a customer service representative. |
Third Party Service Providers for our Operations
| Name | Link to their Privacy Policy | How is the provider's service used? | Data collected by these partners or shared between them and Psylio |
|---|---|---|---|
| GSuite for Work | https://policies.google.com/privacy?hl=fr-CA | This workspace is used by Psylio for internal emails, documents, slideshows, spreadsheets, etc. | Psylio uses Google services to store its own emails and files. As part of its use of these services, Psylio may communicate personal information to Google, for example, if a user sends an email to an employee requesting support. |
| Slack | https://slack.com/intl/en-ca/trust/privacy/privacy-policy | This messaging platform is used for Psylio's internal communications and notifications. | As part of the investigation following a bug report or other support request, and the resolution of the bug where appropriate, members of the Psylio team collaborate using Slack instant messaging, and in doing so may share the email address of the person making the request and the content of the request (e.g. bug reports, other support centre request) internally. |
| Trello | https://www.trello.com/privacy/ | This internal project management platform is used to organize the work done by our staff. | Trello is a work management platform that allows us to organize projects and tasks between our different teams. We use it to manage product development. |
| Zoho CRM | https://www.zoho.com/privacy.html | Zoho is used to manage and track conversations with potential and current customers. | Zoho retains copies of email exchanges and customer information, including name, email address, physical/mailing address, and organization name. |