Data Security
Your data security is a top priority at Ferilla. We ensure that our security utilizes industry-standard practices and compliance.
Encryption at rest
All data, including backups, is encrypted at-rest using AES-256 encryption.
Encryption in transit
Data is encrypted while moving between us and the browser with Transport Level Security (TLS) 1.2.
Data retention
We retain your personal data only for as long as is necessary to fulfil the purposes we collected it for, and to satisfy our business and/or legal purposes, including data analytics, audit, accounting or reporting purposes. How long we keep your personal data depends on the nature of the data, e.g. we keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings. Some information may also be retained for longer, e.g. where we are required to do so by law.
In some circumstances we may anonymize your personal data so that it can no longer be associated with you, in which case we are entitled to retain and use such data without restriction, including for data analytics.
Subscription cancellation
Following the cancellation of a Ferilla subscription, you will have at least 30 days to download your customer data from Ferilla. After this period, we have no obligation to maintain or provide any customer data to you. We may delete all relevant data provided to us after this period.
Sub-processor
Ferilla currently uses third-party Sub-processors to provide various business functions such as business analytics, infrastructure, email notifications, payments, and customer support. Prior to engaging any third-party Sub-processor, Ferilla performs due diligence to evaluate their defensive posture and executes an agreement requiring each Sub-processor to maintain acceptable security practices.
As our business evolves, the Sub-processors we utilize may also change. We will endeavor to provide prompt updates on this page as new Sub-processors are added, or existing ones are removed. This page serves as our ultimate mechanism for notifying our clients of any changes to the list of Sub-processors.
Data privacy is taken very seriously around the world. Some jurisdictions require specific terms to be documented between data controllers and data processors. Ferilla process customer personal data and helps our customers meet onward transfer requirements under applicable laws (such as the GDPR and CCPA)
Logical separation
Ferilla utilizes a multi-tenant architecture where all customers share the same computing resources. We use logical separation of data between customers
Data breach disclosure
Data breaches are an unfortunate reality that affect several organizations every year. As a result, Ferilla is committed to taking all commercially reasonable measures to secure your data. This is why we are transparent about our security practices to give you confidence in our infrastructure, processes, tooling, and policies to safeguard your data. Ferilla has not had an identified data breach since commencing operations. In the unlikely event of a data breach, Ferilla is prepared to take steps to limit the effects of any data breach and to assist any customers potentially affected by a data breach with meeting their obligations under law. Ferilla defines a data breach as any accidental or unlawful destruction, loss, alteration or unauthorized disclosure of access to customer data.
Notification
Ferilla will notify customers without undue delay after becoming aware of a data breach. Customers will be contacted by email and followed by multiple periodic updates while addressing progress and impact.
Security Policies
Ferilla conducts mandatory code reviews for code changes and periodic and in-depth security reviews.
