Data Privacy and Protection
We understand that you may be concerned about your data being on another organisation's infrastructure. At Bissesar Technologies, we take all reasonable measures to ensure your data is protected and secure while it is on our servers. This help article discusses some of the measures we have in place to protect your data.
Access control
At the very basic level, access to every BissesarCloud account is protected by a password. This could either be the password you set up when we provide you with an account, or a password we set for you.
Multi-factor authentication (MFA)
By default, all new users must set up multi-factor authentication, either by using a code-based authentication app (such as Google Authenticator, etc.), or a physical security key. This additional step ensures only you can access your account and if your password lands in the wrong hands, access to your account may still be protected.
Internal access
Our team members can only view the files and folders they are assigned to (or shared with). This means that they cannot see your files and folders if they are not working on your project or are not a part of the group of users assigned access permissions to your data.
It is important to note that our system administrators have access every file that is uploaded to BissesarCloud. This includes any folder structures you have created to store your files in. Our system administrators need this level of access to ensure you can receive support for your files, for example, if you are unable to access or download your files yourself. This level of access also allows our system administrators to inspect files for compliance with our Terms of Use for BissesarCloud, and to comply with our legal obligations if required.
Important Note:
If and when requested to do so, we have a legal obligation to provide access to, or copies of any files stored on any of our servers, including BissesarCloud to law enforcement agencies in New Zealand.
Encryption
Your password is stored on our servers in an encrypted format, which cannot be decrypted, read, or understood by our team members.
Additionally, file transfers to and from your computer (or other eligible devices) are encrypted for security and to protect your data. BissesarCloud access points are also secured with the appropriate security certificates.
Malware scans
Our servers are configured to scan for known malware throughout the day. Every time a file is uploaded to BissesarCloud, it must first pass a malware scan before the upload process can be finalised. Additionally, our server technicians perform both automated and on-demand malware scans of all files at various intervals within the day.
During these scans, if a file is found to contain malware, it is immediately quarantined to prevent the malware from infecting other files on the server. A detailed report is then sent to the server technicians on duty and the files are removed from the server after a manual verification has been completed. Every user who uploads a file containing malware is contacted to let them know about the incident and may have their BissesarCloud account suspended or terminated.
Data retention and deletion
If you have provided us with a copy of your identification documents as part of signing up for BissesarCloud, we will delete all copies from all our servers as soon as your identity has been confirmed. If we use a third-party identity verification service, we will let you know what their terms and policies are about handling and storing your identity document copies.
Server-level backups
As part of providing service to you, we make regular backups of all files stored on BissesarCloud servers and store them in a secure, remote location. To protect our infrastructure, files, and privacy of other BissesarCloud users, we never disclose this location to a customer.
When a backup is made and transferred to a remote storage location, it may take some time before any changes you make to the existing files are synchronised with the copies in the remote location.
Deleting your data
If you choose to delete your files, or if your BissesarCloud service is cancelled or terminated, we delete all copies of your files from all our servers. Due to the server-level backups being automated, it may take some time (usually the next backup cycle) to fully remove all copies of your files and data from all our servers.
Important Note:
If you decide to cancel your BissesarCloud account, ensure you download your data and files from our servers before you submit a cancellation request. Files once deleted cannot be restored.
If you were given access to a BissesarCloud account to provide us with files and information for your project with us, or are otherwise not a regular BissesarCloud customer, your files and data will be deleted within 30 days after your project has been completed and handed over to you. We will make all reasonable efforts to notify you before your files and data is deleted from our account if you have provided them to us for your project.