To ensure safe data processing, we rely on industry security standards and regularly review our policies. Below, we highlight the most important aspects of our cloud IT sec. Please get in touch with us if you have any questions, additional security requirements, or other concerns. You can direct questions about data privacy directly to our data protection officer.

semantha^®

• Data Content: You – and only you – control what “your” semantha^® knows. We do not share data between instances or customers (unless you tell us to). The very same is true for all training data (and the resulting models) you supply for semantha’s trainable  components.
• RESTful Web Service: Your background knowledge aside, semantha^® does not store the processed documents and forgets about your request (and her response) upon completion of your request.
• Encryption at Rest: All data within semantha’s database(s) encrypted at rest.
• Data Isolation: The persistence layers for your co-workers are (at least) logically isolated and not shared with other co-workers to minimize the impact of a disaster. 
• Encryption in Transit: All access to semantha^® is encrypted using TLS (HTTPS), see below for details.
• Maintenance Access: Common maintenance tasks are not performed manually but automatically including an audit log. Access to the maintenance tasks is restricted to essential personnel.
• Administrative Emergency Access: Only authorized personnel can access the servers under exceptional circumstances. Of course, this access is only possible when authenticating properly and using encrypted channels. Every access is logged.

API Access / End-Users

• Encryption in Transit: Traffic, both inbound and outbound, to/from our cloud services is encrypted via TLS (HTTPS). Our TLS security policy conforms to modern cryptography best practices which are continually reviewed and updated: The supported encryption methods/protocols are subject to change as we regularly remove older (weaker) encryption standards in favor of newer (stronger) ones.
• No Unencrypted Access: We strictly enforce encryption – even if you’d want to, you couldn’t access the services without encryption. Our website and API do not support or provide access via any unencrypted endpoints. Neither the user interface nor semantha’s API is accessible without encryption.
• User Authentication and Authorization: We strongly recommend integrating semantha^® in your existing identity management system and to use openID connect for authentication and authorization. Other means of authentication can be made available upon request.

API Access / Integrations and Systems

• API Access for Integrations: Again, we enforce TLS for all communication with semantha’s API –  even if the accessing client is another software system.
• Systems Authorization: Since openID connect is designed for authenticating end-users and not (other software) systems, we can issue API key(s) for the accessing system(s). Please get in touch with our support team if you have any questions.

SaaS / Cloud Hosting

We offer semantha^® as a Software as a Service where we run semantha^® for you and provide you with access credentials.

• Data residency: We run all our servers in European countries. Upon special request, we can designate a specific region for your data.
• ISO/IEC 27001:2013: All our IaaS providers are regularly audited and certified.
• Systems Monitoring: All our systems are monitored 24/7 automatically. We monitor system health parameters as well as OS and software updates.
• Network-Level Security: We protect our systems not only on the OS/software level but also on the network/infrastructure level and expose only the services necessary for operation.

If you wish to integrate semantha^® inside your company’s IT infrastructure, we’ll find a way. Simply get in touch with us.