The security of your data is our top priority. That’s why we use the latest security technologies and have continuously optimized all safety-themed processes.
The LOLYO employee app is 100 % GDPR compliant. We take all measures to ensure the security of processing in accordance with Art 32 GDPR. All data processing activities are carried out exclusively within the EU or the EEA.
LOLYO’s system architecture is designed to minimize security risks. Access to the software from Outside is restricted to the required systems only.
All traffic is encrypted with SSL (protocol TLS 1.2). The key length is 2048 bit (SHA256withRSA). All passwords are hashed using the PBKDF2 method (with HMAC-SHA256, a 128-bit salt and a 256-bit subkey). This makes it impossible to extract passwords.
As part of lolYO’s service provision, the services of a data center are rented. The headquarters and location of this data center is in Germany. The data center provides only the infrastructure and does not have access to the data. The Microsoft Azure Cloud data center provides state-of-the-art security standards and 24/7 emergency support. The data center is secured as follows: access via access chip/card, alarm system secured, security service on site, smoke detector/fire alarm system, smoke extraction system, water detector as well as redundant Internet connection and DDoS protection.
Access to the production system is limited to our core development team, which is responsible for maintenance, updates and troubleshooting.
We perform daily backups for all relevant systems and databases. These backups are stored encrypted.
Our employees have signed a confidentiality agreement and are constantly trained and sensitized on the subject of security and data protection.
More detailed information on data protection and data security can be found in our data processing agreement (technical and organizational measures, etc.).
Technical details about hosting on Microsoft Azure, data center in Germany
With hosting on Microsoft Azure Cloud, you benefit from higher availability and even higher security standards.
CIS Benchmark, CSA-STAR attestation, CSA-STAR certification, CSA-STAR self assessment, ISO 20000-1:2011, ISO 22301, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 9001, SOC, WCAG, Especially for Germany, IT Baseline Protection Workbook, IDW PS 951, TISAX, C5