Technical measures

^{Entrance Control}

Accurat prevents the entrance of non-authorized persons to data-processing installations using various measures. Data is collected and processed in two locations:

• Accurat headquarters in Merelbeke, Belgium, and secured development partners with contractual control. These facilities are secured by key locks.
• Google Cloud Platform (GCP) in Belgium or other European data centers for testing, staging, and production. Security measures are in line with those described by Google.

^{Utilization Control}

Accurat ensures that only authorized persons utilize data-processing systems using the following measures:

• Laptops as local workstations for software developers, each with a password-protected user account.
• Google Cloud Platform access managed by personal password-protected user accounts with two-factor authentication.

^{Access Control}

Accurat ensures that authorized individuals have access only to authorized data through these measures:

• Authorized employees (software developers) have personal GCP user accounts and tokens.
• Specific accounts are in place to restrict data access based on job content and contribution to the Accurat Platform.

^{Transmission Control}

Accurat ensures secure data transmission with the following measures:

• SSL connection for all data transmission to and from the Accurat API on GCP.
• Connection uses TLS 1.2, encrypted and authenticated using AES_128_GCM with ECDHE_RSA key exchange mechanism.

^{Input Control}

Accurat ensures traceability of data entry and modifications through:

• Use of GCP Stackdriver Logging to monitor modifications to its GCP account.

^{Order Control}

Data is processed as per instructions through the following measures:

• Encrypted connection grants GCP access to data and servers.
• All access is logged and traceable by Accurat's technical team.

^{Availability Control}

Data protection against accidental loss or destruction is ensured by:

• Storing personal data in a Master Dataset on GCP BigQuery (BQ) data warehouse in Europe.
• Google BQ provides automatic data replication for disaster recovery and high-availability.
• BQ maintains security through fine-grained identity and access management control.

^{Separation by Purpose}

Accurat processes data for different purposes separately through:

• Integrations of Accurat SDK into mobile apps require app-specific credentials.
• Each app is associated with a unique user account and token.

^{Information Security Policies}

Accurat's security policies are tailored for cloud services, addressing various needs, including customer data protection and communication.

^{Human Resource Security}

Comprehensive awareness training is provided to employees and contractors to emphasize the importance of protecting customer personal data.

^{Supplier Relationships}

Suppliers, including cloud service providers, undergo regular audits to ensure information security compliance. Supplier relationships are governed by GDPR-compliant contractual terms.

^{Information Security Incident Management}

Accurat promptly informs customers about security events. Customers can also report security events, which are registered and acted upon accordingly. Accurat reports incidents that affect customer service or data, prioritizing resolution to meet GDPR requirements.

‍