Data Security
Multi-layered security protects your data at every stage — from storage and transit to access and deletion. Our approach combines strong encryption, strict access controls, and continuous monitoring.
Key Security Measures
- Strong encryption — Data protected at rest and in transit
- Strict access control — Multi-factor verification and least privilege
- Continuous monitoring — Proactive incident detection and response
- Privacy by design — Data minimization, pseudonymization, and secure deletion
Specific technical details about our security architecture are provided on request under NDA.
Encryption
All data is protected both at rest and in transit using industry-standard encryption. Key management is handled centrally and securely within a certified cloud environment.
- Encryption at rest — Stored data is encrypted with strong, industry-standard encryption
- Encryption in transit — All communication is secured with modern transport protocols; legacy protocols are disabled
- Centralized key management — Encryption keys are managed centrally and rotated periodically
Specific algorithms, protocol versions, and implementation details are shared on request under NDA.
Access Control
Access to systems and data is strictly managed based on multi-factor verification and the principle of least privilege.
- Multi-factor authentication — Mandatory for all employees and administrator accounts
- Role-based access — Users receive only the permissions required for their role, with periodic reviews
- Account lifecycle — Access is revoked immediately upon role change or offboarding
Details about our identity solution and access policies are shared on request under NDA.
Network Security
Our infrastructure is designed with defense-in-depth principles, where multiple security layers work together to prevent unauthorized access.
- Network segmentation — Production, staging, and development environments are strictly separated
- Perimeter protection — Strict traffic rules, DDoS protection, and protection against common application-layer attacks
Details about our network architecture are shared on request under NDA.
Monitoring & Detection
Continuous monitoring enables us to detect security incidents early and respond swiftly. We combine automated tooling with regular manual assessments.
- Continuous monitoring — Real-time monitoring of infrastructure, applications, and security events with automated alerts
- Vulnerability management — Regular scans and periodic independent penetration tests
- Patch management — Critical patches are rolled out quickly and in a structured way via a tested process
Details about monitoring tools, SLAs, and pentest reports are shared on request under NDA.
Data Management
We maintain strict processes for protecting, minimizing, and deleting data, in line with the GDPR and our privacy-by-design principle.
- Pseudonymization — Personal identifiers are pseudonymized, with separated key storage
- Data minimization — Only strictly necessary data fields are used for analytics and model development
- Secure deletion — Upon contract termination, client data is irreversibly deleted within the agreed timeframe, with confirmation
Specific processes, retention periods, and processing arrangements are shared on request under NDA or in the data processing agreement.
Questions About Our Security?
Our Data Protection Officer is happy to assist you with questions about security, compliance, or privacy.