Skip to main content

Data security

To ensure safe data processing, we rely on industry security standards and regularly review our policies. Below, we highlight the most important aspects of our cloud IT sec. Please get in touch with us if you have any questions, additional security requirements, or other concerns. You can direct questions about data privacy directly to our data protection officer.

Data protection concept

Our IT security concept provides for a strict separation of the data areas of our customers – to be more precise, even within customers if they host different domains with us. Access is only possible with an API key that grants access to a fixed number of domains. Data transmission is encrypted – without exception!

GDPR

Not least because our customers process sensitive and sometimes also personal data with semantha , we attach great importance to IT security and data protection. We conclude corresponding agreements with our customers and work in a DSGVO-compliant manner. We will be happy to answer any questions you may have – you can contact our data protection officer at privacy@semantha.net.

EU Hosting

Our software is hosted exclusively on servers in the European Union. Our service providers’ data centres are ISO 27001 certified and guarantee a high level of security and very high availability.

semantha

  • Data Content: You – and only you – control what “your” semantha knows. We do not share data between instances or customers (unless you tell us to). The very same is true for all training data (and the resulting models) you supply for semantha’s trainable  components.
  • RESTful Web Service: Your background knowledge aside, semantha does not store the processed documents and forgets about your request (and her response) upon completion of your request.
  • Encryption at Rest: All data within semantha’s database(s) encrypted at rest.
  • Data Isolation: The persistence layers for your co-workers are (at least) logically isolated and not shared with other co-workers to minimize the impact of a disaster. 
  • Encryption in Transit: All access to semantha is encrypted using TLS (HTTPS), see below for details.
  • Maintenance Access: Common maintenance tasks are not performed manually but automatically including an audit log. Access to the maintenance tasks is restricted to essential personnel.
  • Administrative Emergency Access: Only authorized personnel can access the servers under exceptional circumstances. Of course, this access is only possible when authenticating properly and using encrypted channels. Every access is logged.

API Access / End-Users

  • Encryption in Transit: Traffic, both inbound and outbound, to/from our cloud services is encrypted via TLS (HTTPS). Our TLS security policy conforms to modern cryptography best practices which are continually reviewed and updated: The supported encryption methods/protocols are subject to change as we regularly remove older (weaker) encryption standards in favor of newer (stronger) ones.
  • No Unencrypted Access: We strictly enforce encryption – even if you’d want to, you couldn’t access the services without encryption. Our website and API do not support or provide access via any unencrypted endpoints. Neither the user interface nor semantha’s API is accessible without encryption.
  • User Authentication and Authorization: We strongly recommend integrating semantha in your existing identity management system and to use openID connect for authentication and authorization. Other means of authentication can be made available upon request.

API Access / Integrations and Systems

  • API Access for Integrations: Again, we enforce TLS for all communication with semantha’s API –  even if the accessing client is another software system.
  • Systems Authorization: Since openID connect is designed for authenticating end-users and not (other software) systems, we can issue API key(s) for the accessing system(s). Please get in touch with our support team if you have any questions.

SaaS / Cloud Hosting

We offer semantha as a Software as a Service where we run semantha for you and provide you with access credentials.

  • Data residency: We run all our servers in European countries. Upon special request, we can designate a specific region for your data.
  • ISO/IEC 27001:2013: All our IaaS providers are regularly audited and certified.
  • Systems Monitoring: All our systems are monitored 24/7 automatically. We monitor system health parameters as well as OS and software updates.
  • Network-Level Security: We protect our systems not only on the OS/software level but also on the network/infrastructure level and expose only the services necessary for operation.

If you wish to integrate semantha inside your company’s IT infrastructure, we’ll find a way. Simply get in touch with us.

Customers

We have written extraordinary success stories with some of our clients. You can read them here: Success stories.