Data Policy
Protection of data and personal information
We take data security very seriously and handle your data securely. Our way of working with data protection has created a strong infrastructure that is built to protect against physical intrusions into our networks, servers and applications.
Security is our top priority in all development phases of our software. We value and continuously implement new ways to secure your data, from the creation of a secure design and the way we set up coding guidelines, to reviewing and monitoring new software versions in use.
We work according to the GDPR (General Data Protection Regulation), the regulatory framework that protects, among other things, the handling of personal data for private individuals within the European Union. How Invono processes and protects your personal data is described in our Privacy Policy.
With regard to our digital platform INVONO One, Invono as personal data controller is responsible for the technical and organizational security measures. Invono ensures that INVONO One is safe to use through, for example, encryption, authorization control, the ability to make register extracts and delete personal data. When there are no functions in INVONO One to handle personal data-related issues, we have internal procedures for this.
The measures that Invono takes to protect personal data and other data are described in more detail below.
Storage, encryption and backups
Physical security
INVONO One is operated on servers in Google Cloud Services data centers within the EU/EEA that comply with international standards such as SOC 1 Type II and ISO 27001, and are PCI-DSS certified. All data centers are staffed 24 hours a day, 365 days a year and equipped with advanced power supply, climate control and fire protection systems, as well as security cameras to prevent intrusions.
Backups are taken daily and stored on Google servers within the EU/EEA. The data is thus stored in two geographically separated locations.
Virtual security
To ensure that your data cannot be read, copied, modified or deleted by unauthorized persons when it is transferred to or from INVONO One, it is encrypted through a secure connection called HTTPS.
All data communication takes place with Secure Sockets Layer (SSL). Invono uses encrypted communication in the form of 256-bit SSL encryption and 2048-bit public keys from RSA. All data communications to and from the user's computers are encrypted using SSL, the most widely used Internet standard for encrypted information.
Invono's server environment and network are protected by firewalls. In addition, Invono proactively monitors and analyzes firewalls and system logs.
INVONO One has comprehensive backup routines that ensure its continuity and that data is protected against accidental destruction or loss. Backups are made daily and saved for four weeks, and the encryption of customers' data remains with the backups.
Invono has taken measures that make it possible to determine afterwards whether information in INVONO One has been accessed or changed, and by whom.
Protection of your account and payment details in INVONO One
To make it more difficult for unauthorized persons to log into INVONO One and use your account, login can only be done either through BankID, or through a password together with a security code that is sent by e-mail to users (two-step authentication).
There is continuous verification of users. Each call to Invono's servers involves a check of the logged-in user's authorization.
To prevent unauthorized persons from gaining access to information if a computer is left unattended, the system automatically logs the user out after two hours of inactivity.
BankID
Swedish BankID is an electronic identification solution that confirms your identity when you create an account, log in or sign electronically.
Two-step authentication
If you do not want to or cannot use BankID, we have implemented a two-step authentication that you can use to create an account and log in to INVONO One. The two-step authentication means that you use two ways to identify yourself: your password and a security code, which will be sent to the email address you have registered. Invono does not have access to, or store, any passwords in clear text.
Credit card security
Credit card payments are handled by Stripe, which handles online transactions for thousands of businesses and SaaS platforms, and is PCI compliant for the storage and handling of credit card information.
Knowledge and information protection
Access limitation
Invono is open with its security architecture and the security system is built exclusively with proven standards. Only a few key people have access to all the security keys in the system.
Access to personal data is limited to only those persons within Invono's organization (including hired consultants and subcontractors) who, taking into account the purpose of the processing, need such access. As regards the authorization of such persons to information in INVONO One, this is controlled by Invono's IT manager.
Except for such persons within Invono's organization as mentioned in the paragraph above, it is the customer who uses INVONO One who is responsible for which persons gain access to personal data in INVONO One. Invono provides access control tools in INVONO One that make it easier for the customer to create a suitable access restriction.
Confidentiality Agreement
All Invono's staff and all consultants and subcontractors hired by Invono are bound by confidentiality agreements that prevent the dissemination of confidential information and personal data.
Thinning and deletion
The customer who uses INVONO One is responsible for the thinning of personal data in INVONO One. Invono provides tools in INVONO One - such as monitoring times on various documents - that can facilitate the thinning work. When a customer stops using INVONO One, Invono returns and deletes personal data in INVONO One in accordance with what was agreed with the customer, unless otherwise required by applicable law.