Security Policy
Last Updated: February 20, 2025
Welcome to Recordem.com! Your privacy and the security of your data are important to us. This Security Policy explains the measures we take to collect, use, and protect your personal data when you use our time tracking software and related services ("Services"). By using our Services, you agree to the terms of this Security Policy.
When we use the term 'we', we are referring to the company AVASO Software Solutions ApS, registered in Denmark (CVR: 42741221).
When we use the term 'you', we are referring to you as a natural person, and not as a company or any other type of organization you are connected with.
Our Commitment to Security
At Record'em, the security and privacy of your data are paramount. We understand that the information you trust us with, including sensitive time tracking and expense data, must be handled with the utmost care and protected against unauthorized access, disclosure, alteration, and destruction. This policy outlines the measures we take to ensure the security of your data and maintain compliance with relevant regulations, particularly within the European Union.
Record'em is built with security in mind from the ground up. We employ industry-standard practices and technologies to create a secure environment for your data. Our security framework is designed to protect against various threats and ensures the confidentiality, integrity, and availability of your information.
Data Handling and Storage
We process and store your data securely. Key aspects of our data handling practices include:
- Data Location: All customer data is hosted on secure, certified cloud infrastructure located within the European Union. This ensures that your data remains under EU jurisdiction and benefits from strong data protection laws.
- Data Encryption:
  - Data in Transit: All data transferred between your device and our servers, and between our internal services, is encrypted using industry-standard Transport Layer Security (TLS/SSL) protocols. This prevents eavesdropping and tampering.
  - Data at Rest: Data stored on our servers is encrypted at rest using advanced encryption standards (e.g., AES-256) to protect it from unauthorized access to the underlying storage.
- Data Minimization: We only collect and process the data necessary to provide our services. We retain data only for as long as required by our service provision, legal obligations, or as agreed upon with our customers.
- Access Control: Access to customer data by Record'em personnel is strictly controlled, based on the principle of least privilege. Access is granted only to authorized employees who require it to perform their job functions, and all access is logged and monitored.
Compliance with EU Regulations (GDPR)
Record'em is fully committed to compliance with the General Data Protection Regulation (GDPR). We have implemented processes and features to help our customers meet their GDPR obligations, including:
- Lawful Processing: We process personal data based on lawful bases as defined by GDPR.
- Data Subject Rights: We support data subject rights (e.g., access, rectification, erasure, data portability) and provide mechanisms within the application or through support channels to facilitate these requests.
- Data Processing Agreements: We offer Data Processing Agreements (DPAs) to customers that outline our commitment and responsibilities as a data processor.
- Privacy by Design & Default: We integrate data protection principles into the design and development of our services.
For more detailed information on our GDPR compliance, please refer to our dedicated GDPR Center.
Infrastructure Security
We rely on reputable cloud service providers with robust security certifications (e.g., ISO 27001, SOC 2). Their infrastructure includes physical security measures, environmental controls, and redundant power and networking to ensure high availability and protection against physical threats.
Security Audits and Testing
We regularly assess and improve our security posture:
- Internal Audits: Our internal teams conduct regular security reviews.
- External Penetration Testing: We engage third-party security experts to perform penetration tests to identify and address potential vulnerabilities.
- Vulnerability Management: We have a process for monitoring, assessing, and patching security vulnerabilities in our systems and software.
Employee Security Training
All Record'em employees receive mandatory security awareness training. Employees with access to sensitive data receive additional training specific to their roles and responsibilities. Our team is committed to upholding our security policies and best practices.
Incident Response
We have a documented incident response plan to effectively handle security incidents. This plan includes procedures for detection, containment, investigation, notification (where required by law), and recovery, ensuring minimal impact and prompt action in the event of a security breach.
Changes to this Policy
We may update this Security Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new policy on our website and updating the "Last Updated" date at the top.
Contact Us
If you have any questions about this Security Policy or our security practices, please contact us:
Email: security@recordem.com
Address: AVASO Software Solutions ApS, [Your Street Address], [Your City/Postal Code], Denmark