Parseur strives to respect user privacy and ensure the highest levels of data protection.
Where is Parseur data stored?
Parseur data is stored in the EU (the Netherlands) in a highly secure data center.
How secure is Parseur's infrastructure? Do you perform penetration testing?
We keep our infrastructure secure at all times. We have monitoring in place to alert us in the event a vulnerability is discovered in any of our dependencies. Our servers and third-party libraries are updated regularly to include the latest security patches.
We retained an independent third-party company to continuously monitor and test our application, API, and infrastructure for vulnerabilities. They make sure Parseur complies with security standards such as OWASP Top 10 and SANS 25, along with performing many other vulnerability tests.
Customers on Enterprise plans can request our cyber security audit certificate and a full report of penetration tests performed.
How secure is Parseur data? What encryption do you use?
All of your Parseur data is encrypted at rest using AES256 and in transit using TLS v1.2 or above. Deprecated transport layers SSLv2, SSLv3, TLS 1.0, and TLS 1.1 are disabled.
Parseur leverages the Let's Encrypt Certificate Authority to provide an SSL Certificate in order to secure all communications between Parseur's servers and your browser and third-party servers. Let's Encrypt is the industry standard as an automated certificate provider, and provides certificates to over 250 million domains worldwide. Read more information about Let's Encrypt.
How secure are my account and password?
Parseur doesn't store your password (it uses a hash). Parseur has no way of knowing your password. Parseur uses the PBKDF2 algorithm with a SHA256 hash, a password-stretching method that NIST recommends. Password is salted with a 512-bit salt and has the PBKDF2 algorithm set up to run 150,000 iteration cycles, both parameters being above the standard recommendations.
What is your Service Level Agreement (SLA)?
Our target uptime is 99.9% or higher, over a trailing-twelve month period. You can check our historical uptime on our status page.
If you need a higher uptime, please contact us here. We are considering offering a separate infrastructure that receives updates less often, and will reach higher uptime, up to 99.99% or higher, as part of our Enterprise offering.
In the unlikely event Parseur becomes unavailable, our email collection platforms will retry sending emails at various intervals for up to 24 hours, ensuring no emails are lost. We also offer a dual sending mechanism for additional redundancy and latency.
Where does Parseur stand on data privacy?
Data privacy is of the utmost importance at Parseur. You own the data you send us (your are the Controller). Parseur will never sell or otherwise share your data.
Our team doesn't have a reason to access or process your customer data on a day-to-day basis, as document processing is fully automated.
The Parseur team will not access your data unless you request that we do so for support so that we can give you a more precise answer.
All our team members receive GDPR and data protection training with respect to their roles.
Check out our Data Processing Agreement (DPA).
Is Parseur GDPR compliant?
Yes, we are committed to adhering to the European Union's General Data Protection Regulation (a.k.a. “GDPR”), one of the strictest data privacy regulations in the world.
Parseur will never sell your data. You own the data you send to Parseur and have complete control over it.
Read more about Parseur and GDPR.
What is Parseur's data retention policy?
You can set your own data retention policy in your mailbox settings for as little as one day.
You can also use our Process than Delete feature to immediately delete a document from Parseur servers once it has been successfully parsed and the extracted data sent to your servers.
What are Parseur's security policies and certifications?
Parseur servers are hosted on the Google Cloud Platform (GCP).
GCP offers the highest levels of security in the industry and is compliant:
ISO 27001
HIPAA
SOC 2 Type 2
See full details at https://cloud.google.com/security/compliance/offerings
Parseur uses best practices and state-of-the-art practices to ensure the best data protection and safety. You will find the full list of our technical and operational security measures in Exhibit B of our Data Processing Agreement (DPA).
What is your policy regarding security and confidentiality breaches?
We take privacy, transparency, and data protection seriously. As soon as we become aware of any possible violation of a customer’s Personal Data, we establish a process to ensure full disclosure. Parseur will inform customers of any request for access, distribution, or other form of retrieval and notification of the Personal Data in violation of confidentiality within 48 hours after the discovery of the breach of confidentiality.
We constantly monitor our systems and make sure that the data remains secure. As part of this effort, we also confirm that any permissions and access rights relating to data are managed properly and encrypted to ensure maximum safety.
If you become aware of a potential security breach, contact us immediately at security [at] parseur.com.
Can you fill out our Security Questionnaire?
We don't have the capacity to answer and fill out every security assessment unless you become an Enterprise customer (quote form is available here).
However, we've compiled a list of typical security answers to help you complete those internal questionnaires.
Where can I learn about Parseur security policies regarding security researchers?
You are a security researcher and looking to help us increase our security level? Read our policy here.
Where can I learn more?
Don't hesitate to reach out via chat or using our contact form, should you have any other questions.