Security of Convoflo

The best platform for exchanging files and confidential messages.

Our philosophy

Emails, as we know, are very popular for valid reasons which explain its strong presence in a company’s operation… even to this day.

Dangerous reality #1

Everyone has an email address with its mailbox on their electronic devices (computer, phone / tablet). In terms of accessibility, it couldn't be better.

Dangerous reality #2

It is possible to get in touch by email with someone we don't know. Think about it, it is a reality that systematically requires increased vigilance.

What needs to be changed #1

An unknown person could send you an email hacking attempt on all your devices.

What needs to be changed #2

Keep the content of emails only for non-sensitive information.

Convoflo and SOC 2 Certification

Convoflo's SOC 2 certification is the result of an independent audit conducted by a third party, confirming the implementation of rigorous controls in security, privacy, and data management.

This certification aims to help our users and their auditors better understand the control measures and processes Convoflo applies in its daily operations, in line with the high standards of information security and compliance.

With this certification, Convoflo reaffirms its commitment to the reliability and protection of its users' data.

The best security advice is to start simple and effectively

Engage your employees in a safety policy with shared responsibility

Reality

Computer security is a science with countless variations. On the other hand, there is a basic cyber-hygiene, such as not using emails to share and store confidential content, that must be present in order to optimize your level of security.

What needs to be changed

There are several tools that offer you very high levels of protection, but it is important to validate that they are easy to use. A very common trap, but one that you must avoid, is setting up a security solution that is complex to use. For example, if you ask not to use emails in your organization, but your alternative solution is not user-friendly and simple to use, your clients and colleagues will very quickly abandon the secure solution and unsecured email will return to your operations.

Invest in security solutions that are simple to use

Reality

A low level of awareness and a malicious state of mind are explosive elements to undergo a cyber incident deliberately triggered by an insider.

What needs to be changed

Training on the value of data and on the definition of the data processed by your organisation is the key to avoid internal cyber attacks. Once the training is done, your employees need to commit to good governance and use of the data they will be processing as part of their job. When we are accountable for our actions, it always has been a good formula for doing the right thing.

Beware of widespread computer systems in your organization.

Reality

Excessive promise that technology brings absolute productivity. Whether it's after following the advice of a representative from a large foreign company or an operational performance consultant.

What needs to be changed

Your company should not have all its activities on the same system or have all its data centralized on the same server or network.

Our offer

Encrypted sharing platform which is easier to use than email

We position ourselves as a portal to your company that, at its simplest, replaces the sharing of confidential data by email.

Convoflo is safer, but also much more productive for everyone. Avoid hours of searching through your email chains to find an attachment or a note received by email. With Convoflo, it's only a matter of seconds before finding your confidential content. We are continually researching and developing to be a leader in what we do. Naturally, when we talk about security, in addition to offering the latest standards in data security and governance (availability, integrity and confidentiality of data), we use the best encryption practices.

If you want to know more about Convoflo's security and what it can do for your organization, get in touch with one of our experts.

Convoflo infrastructure security

Data Hosting

Convoflo uses Amazon Web Services to host your data in Canada (Canada Central). AWS also maintains the following certifications: HIPAA, GDPR, ISO 27001, SOC 1/2/3, Directive 95/46/EC and PCI DSS Level 1

Two Step Authorization

Combined with the Google Authenticator app, one-time password codes are used for two-step authorization in Convoflo. Even if your password is stolen, your account will not be accessible to a potential hacker.

Data isolation

User data is isolated at the database level. We also offer isolation at data center level. The data of our users is isolated in such a way that there is no possibility of receiving access of another user's data by accident.

Your Data is Safe

Even in places with public WiFi connections (cafes and airports), Convoflo passwords cannot be stolen. Users can confidently open their Convoflo account in public places via WiFi or mobile network connections. Convoflo is accessible exclusively via an SSL connection, regardless of the action you take on the platform.

Data Storage

All data centers used by Convoflo are protected in accordance with the strictest industry certifications and standards (which includes access to physical storage media based on biometric data and maximum protection against intrusion). All the details here.

Proactive Protection

Convoflo has more than 10 years of experience in developing web projects according to the highest industry standards in terms of security and performance. Convoflo users benefit from all this experience and our development philosophy "privacy by design".

Available 24/7

Convoflo uses two independent data centers and redundancy to ensure that the service is available to the maximum.

Backup

Backup copies of your data are created daily.

Data transfer

Data transfer for all users is carried out via an SSL-encrypted connection.

Policies and security

Privacy Policy

Your data deposited on our architecture is encrypted in transit and at rest. We do not earn any revenue from the sale of user data on our architecture.

Terms and conditions of use

The services that Convoflo™ provides to its users are subject to the following terms of use. Convoflo™ reserves the right to modify and update the Terms of Use at any time without notice. The most recent version of the Terms of Use can be consulted by following this link: www.convoflo.com/terms-of-use

GDPR

The GDPR is a good thing to eliminate the malicious exploitation of digital data in the business world. Whether it's the completely transparent use of information, more visibility into processing or the right to forget. We have online governance with GDPR. If you have any questions regarding this subject, you can send an email to the following address: gdpr@convoflo.com

DPA

DPA means "data processing agreement". When Convoflo works with suppliers who will process confidential data (customers, prospects, employees, ...) in the course of providing services, it is mandatory to enter into a data processing agreement or DPA. This applies to our clients towards their clients.