Security

Protecting your data and security guarantees

1. Our Security Approach

Security at Resilis is based on a defense-in-depth approach: multiple layers of protection at every level (infrastructure, application, and data).

Core principles:

  • Defense in depth: multiple layers of security at every level
  • Principle of least privilege: each user has access only to the data strictly necessary for their role
  • Strict isolation: complete data separation between clients (multi-tenant architecture)
  • Transparency: logging and auditing of all sensitive operations
  • Continuous updates: regular maintenance of security components

2. Security Architecture

Our security infrastructure is organized into multiple levels of protection:

  • Infrastructure: HTTPS/TLS encryption, DDoS protection, firewall and network rules
  • Application: HTTP security headers, CSRF/XSS protection, strict Content Security Policy
  • Authentication: strong authentication, brute-force protection, secure session management
  • Access control: granular roles and permissions, multi-tenant isolation, access auditing

We follow industry security standards and OWASP recommendations to ensure an optimal level of protection.

3. Authentication and Authorization

Authentication:

  • Secure email and password authentication
  • Mandatory email verification before account activation
  • Secure sessions using cookies with the HttpOnly and Secure attributes
  • Brute-force protection with automatic throttling of failed login attempts
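The attempt throttling mentioned above, as an added Python example (this is not Resilis code, and the page does not describe the actual mechanism): failures are counted per account and per client address in a sliding window, reaching the limit locks the key for a period that doubles on each consecutive lockout, and credentials are not evaluated at all while a key is locked. The `password_ok` flag stands in for the real credential check, and the timestamps in the scenario are constructed.

```python
"""Login throttling with a sliding failure window and escalating lockout.
Added example; not Resilis code. The `password_ok` flag stands in for the
real credential check, which is out of scope here."""
import time
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple


class LoginThrottle:
    """Count failures per key (an account and a client address are tracked
    separately) inside a sliding window; reaching the limit locks the key for
    a period that doubles on each consecutive lockout, up to a cap."""

    def __init__(self, max_failures: int = 5, window: float = 300.0,
                 base_lockout: float = 60.0, max_lockout: float = 3600.0) -> None:
        self.max_failures = max_failures
        self.window = window
        self.base_lockout = base_lockout
        self.max_lockout = max_lockout
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)
        self._locked_until: Dict[str, float] = {}
        self._lockouts: Dict[str, int] = defaultdict(int)

    @staticmethod
    def _clock(now: Optional[float]) -> float:
        # An explicit timestamp makes the behaviour reproducible in tests.
        return time.monotonic() if now is None else now

    def retry_after(self, key: str, now: Optional[float] = None) -> float:
        """Seconds of lockout remaining for key, or 0.0 when not locked."""
        return max(0.0, self._locked_until.get(key, 0.0) - self._clock(now))

    def record_failure(self, key: str, now: Optional[float] = None) -> float:
        """Register a failed attempt; returns the lockout just imposed, else 0.0."""
        t = self._clock(now)
        recent = self._failures[key]
        recent.append(t)
        while recent and t - recent[0] > self.window:
            recent.popleft()  # forget failures older than the window
        if len(recent) < self.max_failures:
            return 0.0
        lockout = min(self.base_lockout * 2 ** self._lockouts[key], self.max_lockout)
        self._lockouts[key] += 1
        self._locked_until[key] = t + lockout
        recent.clear()
        return lockout

    def record_success(self, key: str) -> None:
        """A successful login resets the counters for that key."""
        self._failures.pop(key, None)
        self._locked_until.pop(key, None)
        self._lockouts.pop(key, None)


def attempt_login(throttle: LoginThrottle, username: str, client_ip: str,
                  password_ok: bool, now: Optional[float] = None) -> Tuple[str, float]:
    """Returns ("locked" | "failed" | "ok", seconds_to_wait). While a key is
    locked the credentials are not evaluated at all."""
    keys = ("user:" + username.lower(), "ip:" + client_ip)
    wait = max(throttle.retry_after(k, now) for k in keys)
    if wait > 0:
        return "locked", wait
    if not password_ok:
        return "failed", max(throttle.record_failure(k, now) for k in keys)
    for k in keys:
        throttle.record_success(k)
    return "ok", 0.0


def run_scenario() -> List[Tuple[str, float]]:
    """Constructed scenario: five wrong passwords for one account, then a sixth
    attempt and a correct password during the lockout, then a correct one after it."""
    throttle = LoginThrottle()
    results = []
    for second in range(5):
        results.append(attempt_login(throttle, "alice", "203.0.113.7", False, now=float(second)))
    results.append(attempt_login(throttle, "alice", "203.0.113.7", False, now=5.0))
    results.append(attempt_login(throttle, "alice", "203.0.113.7", True, now=6.0))
    results.append(attempt_login(throttle, "alice", "203.0.113.7", True, now=70.0))
    return results


if __name__ == "__main__":
    for status, wait in run_scenario():
        print(status, wait)
```

Keying on both the account and the client address means a single source hammering many accounts and many sources hammering one account are both slowed; the doubling lockout keeps legitimate users waiting only a minute after a handful of typos while making sustained guessing impractical.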

Access control:

  • Hierarchical role system for granular access control
  • Strict data isolation between clients (multi-tenant)
  • Systematic permission verification on every request
  • Logging of all data access and unauthorized access attempts

4. Data Protection

Encryption:

  • All communications use HTTPS/TLS with valid and up-to-date certificates
  • HTTP Strict Transport Security (HSTS) enabled
  • Data encryption at rest for databases and files
  • Secure management of secrets and credentials via environment variables

Backups:

  • Daily automatic database backups
  • Regular full backups with long-term retention
  • Regular restoration tests to ensure backup integrity
  • Backup storage on secure infrastructure within the European Union

File validation:

  • Strict file extension validation (whitelist)
  • Size controls by file type
  • MIME type validation through magic byte detection
  • Protection against directory traversal attacks
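The four file validation checks listed above, as an added Python example that is not Resilis code: the allow-list of extensions, the per-type size limits and the leading-byte signatures are a constructed policy for this example, the client-supplied name is reduced to a safe basename, and the final destination is confirmed to stay inside the upload root.

```python
"""File upload validation: extension allow-list, per-type size limits,
magic-byte check, and traversal-safe placement. Added example; not Resilis code."""
import os
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy (constructed for this example):
# extension -> (accepted leading byte signatures, maximum size in bytes)
ALLOWED_TYPES = {
    "png": ((b"\x89PNG\r\n\x1a\n",), 5 * 1024 * 1024),
    "jpg": ((b"\xff\xd8\xff",), 5 * 1024 * 1024),
    "jpeg": ((b"\xff\xd8\xff",), 5 * 1024 * 1024),
    "gif": ((b"GIF87a", b"GIF89a"), 2 * 1024 * 1024),
    "pdf": ((b"%PDF-",), 20 * 1024 * 1024),
}

# Only plain names survive: no separators, no control or null bytes, no leading dot,
# bounded length.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


@dataclass(frozen=True)
class Verdict:
    ok: bool
    reason: str
    stored_name: str = ""


def safe_basename(client_name: str) -> Optional[str]:
    """Keep only the last path component of the client-supplied name and
    reject it unless it matches the conservative SAFE_NAME pattern."""
    name = client_name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if not SAFE_NAME.fullmatch(name):
        return None
    return name


def validate_upload(client_name: str, data: bytes) -> Verdict:
    """Apply the checks in order; the declared type comes from the extension
    but is accepted only if the leading bytes agree with it."""
    name = safe_basename(client_name)
    if name is None:
        return Verdict(False, "unsafe file name")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED_TYPES:
        return Verdict(False, "extension not on the allow-list: %r" % ext)
    signatures, max_size = ALLOWED_TYPES[ext]
    if not data or len(data) > max_size:
        return Verdict(False, "size %d outside the limit for .%s" % (len(data), ext))
    if not any(data.startswith(sig) for sig in signatures):
        return Verdict(False, "content does not match the declared type")
    return Verdict(True, "accepted", name)


def destination_path(upload_root: str, stored_name: str) -> Optional[str]:
    """Resolve the final path and return None if it would leave upload_root
    (a second line of defence behind safe_basename; realpath also follows any
    symlink that already exists under the root)."""
    root = os.path.realpath(upload_root)
    dest = os.path.realpath(os.path.join(root, stored_name))
    if os.path.commonpath([root, dest]) != root:
        return None
    return dest


# Constructed sample body: a valid PNG signature followed by padding, not a real image.
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16

if __name__ == "__main__":
    samples = [("logo.PNG", PNG_HEADER), ("shell.php", b"<?php"),
               ("photo.png", b"<?php echo 1;"), ("../../etc/avatar.png", PNG_HEADER),
               ("x.png\x00.php", PNG_HEADER)]
    for name, body in samples:
        print(repr(name), validate_upload(name, body))
```

The order matters: the name is sanitised before anything else is read from it, the type decision is made from the content rather than from the name alone, and the size limit is applied per type so that a small cap on images does not have to be loosened to accommodate documents.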

5. Compliance and Certifications

Our hosting infrastructure holds the following certifications:

  • ISO 27001
  • HDS (French health data hosting certification)
  • PCI-DSS

These certifications attest that the hosting infrastructure meets the highest information security standards.

GDPR compliance:

  • Compliance with the General Data Protection Regulation (GDPR)
  • Processing records kept up to date
  • Impact assessment carried out for high-risk processing
  • Procedures for exercising individuals' rights

For more information on how your personal data is processed, see our Privacy Policy and our Subcontractors page.

6. Monitoring and Alerting

We continuously monitor our infrastructure and application to detect and prevent security incidents:

  • 24/7 monitoring of infrastructure and application
  • Automatic detection of anomalies and intrusion attempts
  • Real-time alerts on security incidents
  • Centralized logging of all security events
  • Active protection against brute-force attacks
  • DDoS protection enabled at infrastructure level

7. Infrastructure and Sovereignty

Hosting:

  • Secure cloud infrastructure hosted in the European Union
  • Certified data centers with physical access controls and continuous monitoring
  • No transfer of sensitive data outside the EEA without explicit client instruction
  • Compliance with GDPR requirements and digital sovereignty principles

For more details on our hosting infrastructure, see our Subcontractors page.

8. Security Contact

For any questions regarding Resilis security or to report a security incident:

Email: h.lajoie@resilis.com (DPO)

Emergencies: j.puaux@resilis.com

Last updated: 23 June 2026

The security measures described on this page are regularly updated to adapt to new threats and improve the protection of your data.