Data Security

We place great emphasis on ensuring the security of the data we work with. Here is an overview of the measures we have taken for that purpose.

Privacy

Moodup complies with the provisions of the GDPR and Act No. 90/2018 on the protection of personal data and the processing of personal information in all its operations. Moodup only processes personal information based on documented instructions from the data controller.

Moodup's obligations regarding privacy are listed in a processing agreement signed before processing personal information on behalf of the data controller. More information about privacy at Moodup can be found here: /privacy

Encryption

All data that Moodup processes on behalf of the data controller is stored encrypted using the AES (Advanced Encryption Standard) algorithm. All communication to and from Moodup's web servers is encrypted using the TLS v1.3 standard.

Moodup's web servers are protected by firewalls to ensure that only encrypted communication can take place.

User passwords at Moodup are stored in a hashed form and are therefore never accessible to staff.

Backup

Moodup's databases are backed up daily, and the backups are stored in an encrypted form to minimize the risk of data loss. Backup copies are stored on separate web servers that are only accessible to Moodup staff through SSH communication, which is encrypted with a password and a security key generated according to the SHA-256 standard.

Backup copies are deleted after 30 days to ensure that personal information is not stored longer than allowed by the provisions of data processing agreements.

DDoS Protection

Moodup uses name servers and dedicated web servers designed to protect against Distributed Denial-of-Service (DDoS) attacks. All user and guest communication with Moodup's web servers goes through these name servers and web servers to prevent DDoS attacks from compromising the security of the data stored in Moodup's databases.

Communication through the servers that protect Moodup's databases against DDoS attacks is also encrypted, just like communication with other Moodup web servers.

Data Centers

Moodup's web servers and databases are hosted in data centers that are designed, built, and monitored around the clock to ensure security against unauthorized access and natural disasters.

The data centers are surrounded by controlled access gates. Security cameras are used to monitor who has access to the buildings and the secure areas within them.

Moodup only uses data centers located within the European Union and signs data processing agreements with their operators to ensure compliance with GDPR provisions.

Employee Access

All Moodup employees sign a confidentiality agreement before they are granted access to the company's databases and web servers. Access to data is granted based on the principle that employees only have access to the data necessary to perform their tasks.

Employee access rights are reviewed regularly so that access to data an employee no longer needs to work with is revoked.

Moodup requires employees to protect the workstations they use to access and work with data with passwords that meet minimum requirements for length and complexity. Employees must always lock their workstations when they are away from them.

User Access

All Moodup users are required to set up two-factor authentication when creating an account. If a user tries to log in from a new location or more frequently than usual, they need to verify their identity with both authentication factors.

Moodup requires users to create passwords with minimum length and complexity to make brute-force attacks infeasible. Moodup also temporarily blocks access from an IP address to its web servers if multiple login attempts occur within a short period of time.

Moodup has an access control system that allows workplaces to ensure that managers only have access to the data they are authorized to work with. For example, access by managers to specific areas or departments within the workplace can be restricted.

Logging

Access to Moodup's web servers and databases by both employees and users is logged through a logging system each time they access or work with data.

Employees authorized to review entries in the logging system do so regularly to ensure that access to data is in accordance with the authorizations of the respective employees and users.

The logging system does not store personal information; it stores only the Moodup identification number of the respective user or employee, the timestamp, and reference numbers for the data they accessed or worked with.

Review

Moodup conducts annual reviews of its policies and processes regarding both data security and privacy. During such reviews, Moodup works with specialists in the respective fields, such as legal experts and data security specialists, to ensure compliance with the best industry practices.