You are safe with Ublion — Version 1.5 (January 2020)

Ublion is a brand of Cocon BV
Paradijslaan 32, Eindhoven, The Netherlands
Chamber of Commerce: 66318874, VAT: NL856492838B01

Your data is crucial for your business and you take great care in terms of security and control. We want you to be confident that with Ublion you don’t have to compromise on the security, control or availability of your data.
As we want to be transparent, we want to be open with you about our obligations and what you can expect when it comes to our responsibility for protecting and managing your data by Ublion.

If you have any questions, please contact us at telephone number +31(0)40-808 0141 or support@ublion.com.

Our principles

• Safety first
We will notify you immediately if we detect a security breach that jeopardizes your data.

• You decide what happens to your data
We save your data up to 96 hours (production) and 2 up to 2 weeks (AI training). But we process customer data according to your instructions. You can access or delete it at any time.

• You are and remain the owner of the data
We don’t share your data with third parties. Even our own employees don’t have access to your data without your permission. For us, your environment is a black box.

• Everything in your own hands
We own all aspects of the service. This way you know exactly who you are doing business with.

• Data stored locally
With Ublion you know where your data is stored. For example, the data of Dutch customers is stored in the Leaseweb Datacenters in Haarlem (https://www.leaseweb.com/platform/data-centers/ams-01). The data of our German customers in Leaseweb Frankfurt (https://www.leaseweb.com/platform/data-centers/fra-10). Only after your explicit permission we will move your data to other datacenters. For example for a geo-cluster for bursting on demand.

• Privacy by Design, OWASP
We have taken your Privacy into account from the start of the development of the service. We have developed the service in accordance with Privacy by Design principles (https://en.wikipedia.org/wiki/Privacy_by_design). In addition, we comply with OWASP (https://en.wikipedia.org/wiki/OWASP) principles. We use top teer datacenters and security is in our DNA.

Safety and reliability

• Multi-layered security
We develop and implement our infrastructure software using strict security methods in accordance with Defense in Depth principles. The environment is monitored 24/7/365.

• Internet communication
Communication is always encrypted. And for Denial-of-Service attacks, we have taken various security measures.

• Users and identities
Access to sensitive data is protected.

• Storage
Data stored on our infrastructure is automatically encrypted and spread across various servers and clusters for availability and reliability. For example to prevent unauthorized access and service interruptions.

• Service implementation
Security first. This also applies to every application that runs on our infrastructure. We have implemented various securities for this. Our infrastructure is naturally multi-tenant.

• Hardware infrastructure
From the physical data center racks to our own specially developed servers, network equipment and security chips to the low-level Ublion software stack that runs on every machine, our entire hardware infrastructure is optimized for performance.

• Data center
At Ublion we use the secure top teer data centers of LeaseWeb or comparable. The processes of these suppliers are certified with ISAE 3402 and ISO 27001 statements. For countries outside Western Europe, we divert to Equinix and Terremark data centers.

• Clusters
The environment is fully clustered to guarantee up-time and availability of the data.

• 24 × 7 monitoring
In addition, Ublion continuously monitors the availability of our web services through software. In most cases, problems experienced by our users are immediately identified and dealt with by our experts.

• Secure web services
The Ublion web services are secured with SSL certificates or VPN that guarantee the authenticity of the user. The data sent between users and Ublion is encrypted and secured with these connections.

• Security scan
Our web services are continuously monitored for unusual traffic (DDOS, Spam and Malware), and the SSL connection is also checked. Various anti-virus and anti-malware measures have been implemented. We are also continuously audited for this.

• Confidentiality
Our employees are aware of the risks of working with online data. Ublion applies strict job segregation. All employees have signed a confidentiality agreement.

• Service Level Agreement
The quality of our services to customers is laid down in a Service Level Agreement (SLA). Among other things, it states which service levels users can expect from Ublion.

On request we can provide a modified SLA, for example:

o 100% availability of the Data
o 99.995% availability of the environment
o Dedicated pipeline and high performance processing
o 24/7/365 support
o Capacity on demand, for example to accommodate peak rates for invoice processing.

Unauthorized access to data or systems from Ublion is not permitted. Ublion will report this to the appropriate authorities when observing these activities.