Security

Security at Hamina Wireless

At Hamina Wireless, security stands as more than just a feature; it remains our foremost priority. Since our inception, a commitment to securing your data has been integrated into the core of our company culture, steering our dedication to safeguarding your valuable information

Security Practices

We employ strong security practices, including industry-standard data encryption, partnerships with reliable infrastructure providers, and security controls audited by certified experts.

Continuous Monitoring

Behind our security practices is a skilled team of professionals with extensive experience in the field of security, supported by years of industry knowledge and a proactive approach to evolving threats.

Certifications

We uphold a SOC 2 Type 2 certification, underscoring our commitment to strong security practices. For more detailed information on our security measures, you can request access to our SOC 2 Type 2 report and our security policies.

Frequently asked questions

How is my data secured in Hamina Planner?

We employ industry-standard encryption protocols to ensure the security of your data. Data in transit is protected using TLS, while data at rest is encrypted AES-256. These measures help safeguard your information both during transmission and while it is stored within our systems.

Are your servers and data centers secure?

Yes, our infrastructure is hosted with reputable providers that maintain high levels of physical and digital security. We regularly audit our hosting partners to ensure security standards are met.

Who is your infrastructure provider, and what measures do they take to ensure security?

Our infrastructure is supported by Azure, a leading provider known for its robust security practices. They implement strict physical and digital security measures in their data centers and maintain industry certifications to ensure the safety of our infrastructure. We conduct regular audits of our hosting partners to verify that security standards are consistently met.

Where is our data stored geographically?

We store your data in secure data centers located in USA (US instance) and Germany (EU Instance) Our choice of data center location aligns with data residency requirements and ensures optimal performance and reliability for our users in those regions.

How is access control managed for your service and infrastructure?

Access control for our service and infrastructure is meticulously managed. We use a combination of role-based access control (RBAC), two-factor authentication (2FA), and strong password requirements to fortify the security of our infrastructure. RBAC ensures that permissions are assigned based on roles, and 2FA and strong passwords are additional layers of protection to safeguard access to our infrastructure. These measures work together to maintain the integrity and security of our systems.

Do you have a disaster recovery plan in place, and do you perform regular exercises?

Yes, we have a comprehensive disaster recovery plan in place to minimize downtime and data loss in the event of unexpected incidents. In addition to our plan, we conduct an annual disaster recovery exercise to test and enhance our readiness, ensuring that our systems and processes remain reliable and effective during critical situations.

How often do you perform security audits and testing?

We conduct regular security audits, annual penetration testing, and vulnerability assessments to proactively identify and address potential weaknesses in our system.

What happens if there's a security breach or incident?

We have a well-defined incident response plan. In the event of a breach, we act swiftly to contain and mitigate the issue, and we will notify affected users and authorities as necessary.

Do you comply with data protection regulations like GDPR or CCPA?

Yes, we are committed to complying with relevant data protection regulations. We have implemented measures to ensure data privacy and provide necessary tools to help you manage your compliance responsibilities (https://www.hamina.com/privacy-notice-eula)

Can I configure user access controls and permissions within the Hamina Planner?

Absolutely. Our system allows you to share your projects with other users with either read only, or edit rights.

What is your approach to third-party security, such as integrations and APIs?

We evaluate third-party services for their security practices and conduct due diligence before integrating them into our solution. We prioritize security when working with external partners.

How often are software updates, security patches, and new features released?

We continuously monitor and maintain our system to ensure it remains secure and up-to-date. This includes the regular application of software updates and security patches to address vulnerabilities and enhance system performance. Additionally, we release new features on weekly basis to provide you with the latest tools and functionalities to enhance your experience

How can I report a security concern or vulnerability?

You can report security concerns or vulnerabilities through our dedicated security email address security@hamina.com or contact our support team. We take all reports seriously and address them promptly.

Do you offer a Data Processing Agreement (DPA), and how can I access it?

Yes, we provide a Data Processing Agreement (DPA) as an appendix in our Terms of Service (https://www.hamina.com/terms-of-service) that outlines our commitment to data privacy and security. We are dedicated to ensuring that our data processing practices comply with the highest standards of data protection regulations.

Where can I send my security-related inquiries or requests for information?

For security-related inquiries or requests for information, please feel free to send your questions to our dedicated security email address at security@hamina.com. Our security team will do their best to assist you promptly with any specific security concerns or information requests you may have. As a small team, we do not typically complete external security questionnaires, but we are committed to providing you with the information you need to address security-related inquiries effectively.

How is user access controlled and authenticated?

For users of the Hamina Wireless SaaS service, we implement stringent access control and authentication measures. This includes the requirement for strong passwords and two-factor authentication (2FA). These measures are in place to verify user identities and enhance the security of your account and data.

When the subscription expires, is there a way to export our data?

Currently, we do not have a direct data export feature in place. However, we want to assure you that implementing a file export and import feature is our top customer request, and it is a priority for us. We are actively working on adding this feature as soon as possible. Even after your subscription expires, you can continue to access your projects using our free tier, ensuring uninterrupted access to your valuable data. We do not delete any user data unless requested.