Updated on: February 22, 2020
Effective Date: February 22, 2020
Secure Communication. Every connection between you (our users) and Wremia is encrypted using Transport Layer Security (TLS - the successor to Secure Sockets Layer, or SSL). We use the TLS 1.2 protocol, 256-bit RSA key exchange and a 128-bit AES encryption cipher. This also includes all traffic between our smartphone apps and Wremia servers and all of our APIs.
This makes it very difficult for someone sitting in the network to inspect your data - if you were sitting in a coffee shop on an open/unsecured WiFi network, your traffic to Wremia would be just a scrambled mess to someone "eavesdropping".
Additionally, all of the points at which Wremia synchronizes with other services are encrypted using TLS.
Routing to secured connection. If you or your colleagues accidentally enter a URL without encryption, we automatically force it over to SSL with a redirect before responding.
Firewall. Our network is gated and screened by a highly powerful, certified web application firewall that prevents malicious attacks exploiting commonly known vulnerabilities.
Control and Audit. All access is controlled and audited.
Physical Security & Data Centers
Physical Security. Our data centers are hosted in some of the most secure facilities available today, in locations that are protected from physical and logical attacks as well as from natural disasters such as earthquakes, fires and floods.
Quality. Our global industry-leading data-center provider holds certifications including, but not restricted to, the following: ISO 27001, ISO 27017, ISO 27018, ISO 9001, ISO 22301, CSA-STAR.
Our systems work with two forms of backup - hot failover of real-time systems (so, if a primary should fail, the secondary is ready to go instantly) and backups of data (so that mistakes like deleting critical data can be "undone"). Backup snapshots are taken daily, and we also take a weekly backup of data, which we keep for a much longer period.
Two-Factor Authentication. This involves the combination of something you know (your password) and something you have (usually your smartphone) to make it a lot harder for someone to get into your account even if they have or guess your password. For more information about setting it up with your Wremia account, check out our Two-Factor Authentication help guide.
Strong Password Policies. Wremia also makes it easy for administrators to set strong password policies. These include enforcing minimum password lengths and character combinations, and ensuring that passwords don't contain usernames/emails or a part thereof, aren't the same as recently used passwords, and can't be changed too frequently or too infrequently.
Automated Account Lockout. All Wremia accounts are protected by automated account lockout - if the incorrect password is entered for a user's account more than 5 times in 30 minutes, the account remains locked for 30 minutes and can only be unlocked in the interim by an administrator (or via password reset email). This is designed to thwart dictionary attacks - where a bot tries to guess a user's password.
When it comes to your business data stored in our cloud infrastructure, access is tightly controlled. Only a very small subset of Wremia's engineers have access to production systems at the engineering level.
When our developers from time to time require access to debug something specific, they request an encrypted export of a subset of data, which is then transferred via an encrypted channel (SSH 2.0 protocol using SHA-256 keys) and worked on in development environments that are also encrypted at rest.
Wremia values the work done by security researchers in improving the security of our service offerings and we are committed to working with the community to verify, reproduce, and respond to legitimate reported vulnerabilities. Please submit security issues at firstname.lastname@example.org