CUBESUITE® is configured in such a way as to demonstrate compliance with the principles set out in GDPR art.5 and in particular with privacy by default. Where possible, technical measures have been taken to ensure that only the personal data required for each specific purpose of the processing are processed by default.

In particular CUBESUITE® incorporated the following principles:

• Principle of confidentiality: authentication credentials when the user logs in, have an expiration date and an adjustable complexity to ensure the confidentiality of the processed information and to prevent the access by unauthorized users. It is also possible to create unlimited user profiles by assigning them specific privileges, such as deleting and/or exporting data
• Principle of minimization: the Suite is designed in such a way as to allow the erasing of data through the automatic or manual cleaning of the records
• Data security: data can be backed up by integrating them with the customer backup and/or disaster recovery procedures
• Encryption: all software related files are encrypted on file system with an AES 256 encryption key, communications are certified with the customer’s SSL certification, the database is protected by a password and the password is encrypted
• Durability of files uploaded by the user: a file hash is calculated for each uploaded file as to show the inalterability of the data