HomePricingRelease notesBlog
Resources
  • Support
    Learn, fix a problem, and get answers to your questions.
  • About us
    Learn about our talented team & what makes us tick.
  • Careers
    Find out about job opportunities at Hortis.
LinkedInYouTubeTwitter
TermsSLAPrivacySecurityRequirementsCookies
Try Hortis for freeLog in
HomePricingRelease notesBlog
Resources
  • Support
    Learn, fix a problem, and get answers to your questions.
  • About us
    Learn about our talented team & what makes us tick.
  • Contact
    We’re a dedicated team that’s here to help.
  • Careers
    Find out about job opportunities at Hortis.
Log inTry Hortis for free
We use cookies to analyse site performance and personalise your experience.
Read our Cookie Policy.
DeclineAllow

Security

Last updated: 21-02-2022

Data Security

Hortis is hosted on the Google Cloud Platform (GCP) and all user data is stored in one of the following regions: US, UK, EU or AU, depending on the location of the customer.

Our platform utilises a Cloud SQL Data Service in each relevant region hosted in a Virtual Private Cloud network with Software Defined Networking and Firewall Protection. The service is compliant with SSAE 16, ISO 27001, PCI DSS, and HIPAA.

To prevent any data loss caused by hardware failure, the cloud service data is stored on a distributed, replicated file system to ensure service continuity. Hortis is designed to prevent any data corruption caused by end users. This includes the ability to track changes of plant collection data, by storing all data revisions using an immutable data structure. As part of our disaster preparedness, the data is safeguarded using three different backup strategies:

  • The data service is configured with point in time recovery (also known as continuous backup) which means we can restore or recover data from any given time, going back 7 days.
  • Automated daily backups, archived on Google infrastructure.
  • Automated backups, twice a day, archived on a different cloud infrastructure.

More information

  • GCP's security practices
  • GCP Cloud SQL

‍

GDPR Compliance

We are committed to the principles inherent in the General Data Protection Regulations (GDPR) and adhere to these regulations which includes GDPR training of all relevant staff.

  • GDPR Compliance

‍

Application Security

Traffic is encrypted via industry standard Transport Layer Security (TLS) between the Hortis servers and web app. All connections are made over HTTPS.

The Hortis web app employs Content Security Policies (CSP) to guard against cross site scripting (XSS) attacks.

API endpoints are protected with OAuth access tokens preventing unauthorised access.

‍

Login Security

Hortis uses OAuth 2.0 as protocol for authentication and access control.

When using built in authentication, Hortis will enforce Good password strength as outlined by Auth0 password strength policies.

In addition, we also offer Single Sign On through third party authentication from providers such as Google and Microsoft.

  • OAuth 2.0
  • Auth0's security practices

‍

The next generation of plant collection platforms is now available for everyone.

Product
HomePricingRelease notesTrial
Company
About usCareersContact
Resources
BlogSupport
Social
LinkedInYouTubeTwitterFacebook
Legal
TermsSLAPrivacySecurityRequirementsCookies
© 2023 Species360. All rights reserved.