Security policy

Effective Date: December 10, 2025

Overview

BetterFlow, operated by Better Quality Assurance S.R.L., maintains a comprehensive approach to protecting your data, systems, and operations through documented security standards.

Compliance framework

Our organization adheres to the following standards and frameworks:

  • ISO 27001:2013 - Information Security Management
  • ISO 9001:2015 - Quality Management Systems
  • GDPR - General Data Protection Regulation

We maintain designated security officers and conduct regular security assessments.

Access control mechanisms

Authentication

  • Strong password requirements (minimum 8 characters, mixed case, numbers, symbols)
  • Separate portals for staff and clients
  • Automatic account lockout after failed login attempts
  • Session timeout policies

Authorization

Role-based access control follows a strict hierarchy:

  • Super Admin - Full system access
  • Admin - Organization-level management
  • Employee - Standard user access
  • Client - Limited project-specific access

We follow least-privilege principles and conduct regular permission reviews.

Data protection measures

Encryption

  • In Transit: TLS 1.2+ for all data transmission
  • At Rest: AES-256 encryption for databases

Data classification

Data is classified into the following categories:

  • Public - Publicly available information
  • Internal - Business operational data
  • Confidential - Sensitive business information
  • Restricted - Highly sensitive personal data

Infrastructure security

  • Enterprise-grade firewall protection
  • Intrusion detection and prevention systems
  • DDoS mitigation services
  • Hardened server configurations
  • Automated security patching
  • Kubernetes container security

Operational safeguards

Audit logging

  • 30-day activity log retention
  • Tamper-proof storage
  • Comprehensive action tracking

Incident response

  • 24-hour initial response commitment
  • 72-hour GDPR breach notification compliance
  • Documented incident response procedures

Backup strategy

  • Daily automated backups
  • 30-day backup retention
  • Geographically distributed storage
  • 4-hour Recovery Time Objective (RTO)
  • 24-hour Recovery Point Objective (RPO)

Physical & third-party security

Data center security

  • Tier 3+ certified data centers
  • 24/7 physical security monitoring
  • Biometric access controls

Vendor management

  • Security assessments for all vendors
  • OAuth 2.0 integration controls
  • Data Processing Agreements in place

Contact information

Security Incidents: [email protected]

Vulnerability Disclosure: [email protected]

Phone: +40 751 289 399

Terms of Service · Privacy Policy · Cookie Policy · Acceptable Use