The LocknCharge Promise
At LocknCharge, we take data integrity and security very seriously. Our facilities, processes and systems are reliable and robust. We continuously look for opportunities to make improvements and give you a highly secure, scalable system to provide a great experience to you.
LocknCharge lets you deliver a secure system by,
- Securing your personal information: compliance with the Australia Privacy Act and GDPR.
- Ensuring Internal Data security of your data that rests with LocknCharge: Full data encryption in transit and at rest.
- Network Security: Automated locker hardware cannot expose your network to malicious activity from the Internet because it does not accept any inbound connections, such as SSH or telnet. The FUYL Portal connection cannot expose you network to malicious activity from the Internet because the connection is always initiated from the hardware and is a simple messaging protocol secured using cryptographic certificates.
EU-US Privacy Shield
LocknCharge complies with the EU-U.S. Privacy Shield and U.S.-Swiss Privacy Shield by adhering to the principles of protecting the rights of anyone in the EU whose personal data is transferred to the United States as well as bringing legal clarity for businesses relying on transatlantic data transfers.
GDPR
The General Data Protection Regulation (GDPR) is a European privacy law which became enforceable on May 25, 2018. The GDPR is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
Our GDPR Commitment
We only collect and store information that is necessary to offer our service, and we do this with the consent of our customers. Adding to this, our approach towards privacy, security, and data protection aligns with the goals of GDPR.
Along with a highly secure and robust system architecture, we have a variety of security measures in place to prevent unauthorized access and processing of personal data.
Physical & Network Security
LocknCharge uses Amazon's AWS platform and infrastructure. LocknCharge employees do not have any physical access to our production environment.
Here are more details about security setup of AWS.
Cloud security is the highest priority at AWS. As an AWS customer, we benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations.
“Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, with military grade perimeter control berms. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in. They are also continually escorted by authorized staff.”
In addition to physical security, being on AWS platform also provides us significant protection against traditional network security issues on the infrastructure including,
- Distributed Denial Of Service (DDoS) Attacks
- Man In the Middle (MITM) Attacks
- Port Scanning
- Packet sniffing by other tenants
AWS has a thorough compliance program. Here are more details on the AWS Services in Scope by the Compliance Program.
Administrative Operations
We at LocknCharge, use two-factor authentication to grant access for our administrative operations to infrastructure. Administrative privileges are restricted to very few employees.
Any administrative access is automatically logged. Detailed information on when/why the operations are carried out are documented and security considerations are taken into account before performing any changes in the production environment.
FUYL Portal & Web Application Security
Cloud Endpoints
- Communication between LocknCharge hardware and the FUYL Portal: All communication between LocknCharge hardware and the FUYL Portal uses a secure IoT / MQTT channel which requires a certificate signed by root CA, enabling a connection only under that device’s unique identifier. It is impossible to access other devices or account data.
- Public HTTPS endpoint - endpoint discovery for single calls from device.
- API Gateway endpoints - oAuth token authenticated at the specific account level (no unauthenticated endpoints)
- Public API security is controlled through user-created app client identities. These are used by the client to fetch oAuth tokens, which in turn are used to authenticate API requests. App clients can be created by customers and revoked by customers or LocknCharge if necessary.
Web Application Security
- FUYL Portal is static website secured and delivered through CloudFront CDN
- Secure Access
LocknCharge's application can be accessed only via HTTPS. We use industry standard encryption for data in transit. - XSS
All user input is properly encoded when displayed to ensure XSS vulnerabilities are mitigated.
Encrypted Data Storage
All data stored in any LocknCharge solutions is encrypted using a 256-bit symmetric algorithm (AES-256-GCM)
Vulnerability Scanning & Patching
We periodically check and apply patches for third-party software/services. As and when vulnerabilities are discovered we apply the fixes. We do periodic vulnerability scanning using authorized services.
Data Storage & Redundancy
We use Amazon's DynamoDB for our database. The automated point-in-time Recovery feature is configured for DynamoDB. With point-in-time recovery, we can restore any table to any point in time during the last 35 days. We back up DynamoDB tables to another Amazon Region as an additional form of backup. Find out more.
Monitoring
We use both internal and multiple external monitoring services to monitor the FUYL Portal. Our monitoring system will alert the Operations & Security Team through emails and phone calls if there are any errors or abnormalities.
Disclosure
We are working continuously to make our system secure. If you find any security issue, please contact us. We will make sure the issue is fixed and updated as soon as possible.
We take security as our highest priority.