Security Overview

The privacy and security of our customers’ data is our number one priority

Data Encryption In Transit and At Rest

Fax files at rest are encrypted using 256-bit Advanced Encryption Standard (AES). To protect data in transit between FAX.PLUS apps (currently mobile, API, or web) and our servers, FAX.PLUS uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for data transfer, creating a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.

System Architecture

To increase stability, performance and security, our system architecture is based on an n-tier architecture with multiple layers of protection, including encryption, network configuration, and application-level controls distributed across a scalable, secure infrastructure.

Application Security Testing

Our security team performs automated and manual application security testing on a regular basis to identify and patch potential security vulnerabilities and bugs on our web and mobile applications.

Key Management

Our key management infrastructure, which is used for the encryption of faxes at rest, is designed with operational, technical, and procedural security controls, with very limited direct access to keys.

WAF

Aside from complex network-level firewalls, we use enterprise-class web application firewalls (WAF) to protect our service from attacks such as SQL injection, cross-site scripting, and cross-site request forgery.

Hardware Level Security

All faxes are stored only in Swiss datacenters that operate from locations conforming to the most restrictive security standards (ISO 27001) and are part of the Cloud Security Alliance (CSA). One of our datacenters is located in Zurich, buried underground in the Alps in a former military anti-atomic command and control center, and the other is in Geneva, close to European financial ecosystems and global markets.

DDoS Protection

We make use of a CDN with network capacity 15x bigger than the largest DDoS attack ever recorded to protect our service from potential DDoS attacks.

HIPAA Compliance

We understand the sensitivity and seriousness of keeping patient healthcare data private and secure. That is why we have examined all administrative, physical, and technical safeguard specifications in detail, addressing all HIPAA requirements to safeguard our customers’ data, individuals’ protected health information (PHI), and electronic protected health information (ePHI).
See our HIPAA Compliance Statement

PCI-DSS Compliance

Payment processing in our Web and Android applications relies on two services that are both PCI-DSS compliant: Stripe, which processes credit card payments, and PayPal, which processes PayPal payments.
Purchases within our iOS application are made available via Apple’s in-app purchase mechanism.

We do not store any credit card information, only anonymized tokens provided by these services.

Advanced Security Controls

In addition to all the security measures we take to ensure the highest level of security and privacy for all our users and their data, we provide the administrators of our Enterprise plans with certain security tools and features that give them more control over the protection of their data.

  • Access Logging: Detailed access logs are available both to users and administrators of Enterprise teams. We log every time an account signs in, noting the type of device used and the IP address of the connection.
  • Block Users: We make it easy to block a user in the event that they’re no longer part of your organization, or in any kind of emergency situation or data breach.
  • Business Associate Agreement (BAA): We sign a BAA with users of our Enterprise plans who need one in order to comply with the Health Insurance Portability and Accountability Act (HIPAA).

Swiss Company (Incorporated in Switzerland)

All user data is protected by the Swiss Federal Data Protection Act (DPA) and the Swiss Federal Data Protection Ordinance (DPO), which offer some of the strongest privacy protection in the world for both individuals and corporations. As Alohi SA (FAX.PLUS) is outside of US and EU jurisdiction, only a court order from the Cantonal Court of Geneva or the Swiss Federal Supreme Court can compel us to release the extremely limited user information we have.

Report a Security Vulnerability

Our number one priority is the privacy and security of our customers’ data. To excel at this, we welcome the vital role that security researchers play in keeping systems and data safe. To encourage the responsible reporting of potential security vulnerabilities, the security team is committed to working with the community to verify, reproduce and respond to legitimate reports. If you believe you’ve identified a potential security vulnerability, please report it to us right away. We will investigate all legitimate reports and do our best to quickly address the problems.

Please email your report to [email protected]
