Security

SECURITY AT PRDUCT

Your data security is our top priority. We implement comprehensive technical and organizational measures to protect your supply chain data.

Quick Overview

  • Infrastructure & Hosting
  • Data Encryption
  • Access Controls & Authentication
  • Backup & Recovery
  • Monitoring & Logging
  • Compliance & Certifications
  • Security Testing

 

INFRASTRUCTURE & HOSTING

AWS EU Hosting

All data is hosted on Amazon Web Services (AWS) infrastructure within the European Union, specifically in Stockholm and Frankfurt regions. AWS maintains ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, and SOC 3 certifications.

AWS data centers provide enterprise-grade physical security including:

  • Multi-layer perimeter controls
  • 24/7 security monitoring
  • Biometric access controls
  • Environmental controls (fire suppression, climate management)
  • Redundant power and connectivity

For complete details on AWS compliance programs: https://aws.amazon.com/compliance/programs/

Data Location

  • Primary storage: AWS Stockholm/Frankfurt (EU regions)
  • Backup storage: Multiple availability zones within EU
  • No data stored outside European Union

An AWS availability zone consists of one or more physically separate data centers with redundant power, networking, and connectivity, ensuring high availability and disaster recovery capabilities.

 

DATA ENCRYPTION

We encrypt your data at every stage to ensure confidentiality, integrity, and protection against unauthorized access.

In Transit

All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) 1.2 or higher. Older, insecure protocols are blocked. This ensures:

  • Data cannot be read by third parties who intercept the connection
  • Data integrity is maintained during transfer
  • You can verify that you’re connected to the genuine Prduct platform

At Rest

All data stored on AWS infrastructure is encrypted using AES-256 encryption. This includes:

  • Database contents
  • File uploads and documents
  • Backup files
  • Log files

Even if physical storage media were compromised, encrypted data remains protected and unusable without proper decryption keys.

Database Access

Database access is secured through SSH-encrypted jumpbox connections, which add a security layer beyond standard authentication.

 

ACCESS CONTROLS & AUTHENTICATION

User Authentication

  • Minimum 12-character passwords required
  • Password complexity requirements (uppercase, lowercase, numbers)
  • Two-factor authentication (2FA) available and recommended
  • Automatic session timeouts

Internal Access Management

  • Role-based access control (RBAC) for all systems
  • Principle of least privilege enforced
  • Only authorized personnel have database access
  • All administrative access requires 2FA
  • Regular access rights reviews
  • Immediate access revocation upon personnel changes

Granular Permissions

Within the Platform, organizations can implement fine-grained permission structures ensuring users only access data necessary for their roles.

 

BACKUP & RECOVERY

Backup Security

  • All backups encrypted to the same standards as production data
  • Backups stored in separate availability zones from primary data
  • Geo-redundant storage for Premium and Enterprise tiers
  • Regular backup restoration testing

Data Recovery

We maintain tested procedures for data recovery and can restore your data from any point within your tier’s retention period.

 

MONITORING & LOGGING

Security Monitoring

We implement comprehensive monitoring across our infrastructure:

  • AWS Security Hub for centralized security findings
  • Continuous monitoring for malicious or unauthorized activity
  • Network intrusion detection
  • DNS query logging and analysis

Event Logging

Security events are logged at multiple levels:

  • User authentication and login events
  • Data access and modification events
  • Administrative actions
  • System errors and validation failures
  • API access patterns

 

SECURITY MAINTENANCE

Patch Management

  • Regular security updates applied to all systems
  • Critical patches applied promptly upon release
  • AWS-managed services receive automatic patching
  • Monthly review of security advisories

Infrastructure Reviews

  • Periodic AWS Security Hub assessment reviews
  • Regular evaluation of IAM policies and security groups
  • Network configuration audits
  • Review of access logs to verify appropriate access

Continuous Improvement

Our security posture is continuously reviewed and improved based on:

  • AWS security recommendations
  • Industry best practices
  • Emerging threat intelligence
  • Customer feedback and requirements

 

COMPLIANCE & CERTIFICATIONS

ISO 27001 Alignment

Our security controls are aligned with ISO 27001:2013/2022 information security management standards. Formal certification is in progress.

GDPR Compliance

We maintain full compliance with the EU General Data Protection Regulation (GDPR):

AWS Certifications

Our hosting infrastructure maintains:

  • ISO 27001, 27017, 27018
  • SOC 1, SOC 2, SOC 3
  • PCI DSS compliance
  • C5 (Cloud Computing Compliance Controls Catalogue)

Full AWS compliance documentation: https://aws.amazon.com/compliance/

 

SECURITY TESTING

Ongoing Security Assessments

  • Ad-hoc security reviews of infrastructure and applications
  • AWS security tool monitoring and analysis
  • Continuous vulnerability scanning through AWS Inspector
  • Regular review of security configurations

Planned Security Testing

We are planning to implement:

  • Annual third-party penetration testing
  • Regular vulnerability assessments
  • Security code reviews
  • Compliance audits

As we grow, and especially for Premium and Enterprise customers, we will expand our security testing programs and make reports available upon request.

 

SUB-PROCESSORS

We work with carefully selected sub-processors who meet our security standards:

  • Amazon Web Services (AWS): Cloud infrastructure (EU regions)
  • Microsoft Azure: Additional cloud services (EU regions)
  • Intercom: Customer support and communication
  • Microsoft Outlook: Business communication

All sub-processors are bound by data processing agreements and GDPR compliance requirements.

Complete sub-processor list: prduct.com/data-processing-agreement/sub-processors

 

CUSTOMER SECURITY RESPONSIBILITIES

Security is a shared responsibility. We recommend customers:

  • Enable two-factor authentication (2FA)
  • Use strong, unique passwords
  • Regularly review user access and permissions
  • Train employees on security best practices
  • Report suspicious activity immediately
  • Configure data sharing settings appropriately
  • Maintain backups of critical compliance documents

 

SECURITY CONTACT

Report Security Issues: security@prduct.com

Data Protection Officer: dpo@prduct.com

General Inquiries: legal@prduct.com

We take all security reports seriously and will respond promptly to any concerns.

 

Prduct ApS

Universitetsbyen 7, 8000 Aarhus C, Denmark

CVR: 39368226