Our security principles
We protect data from unauthorized access and misuse.
We protect data from unauthorized modification throughout its entire life cycle.
Our service is available in real time even for live voting with a large number of voters.
Architecture and Infrastructure
- All of our infrastructure is hosted with certified (including ISO/IEC 27001, 27017, and 27018) cloud providers Heroku and Amazon AWS. For more information on Heroku and Amazon AWS security, please visit their respective overviews.
- We ensure that our data is only processed and stored in the EU in a GDPR-compliant manner.
- Each customer receives its own logically closed instance of NemoVote from us. This means that data from other instances will not be stored together with their data.
- Our web servers encrypt data during transmission to and from NemoVote using HTTPS.
- All persistent data is encrypted by us at rest using the AES-256 encryption standard.
Logging and monitoring
- All activities (including administrative access) on our systems are centrally logged and monitored.
- Our log files are stored in encrypted form and are only accessible to administrators.
- Our log files are stored for a maximum period of 7 days.
- Passwords of our customers as well as personal data are not logged by us at any time.
- Through our active monitoring and warning system, incidents are reported directly to the responsible administrator.
- NemoVote maintains procedures to mitigate identified and reported security vulnerabilities within a defined timeframe.
- We ensure our customers and relevant authorities are informed in case of a security incident within the reporting deadlines of 72h.
- Security incidents can be reported to email@example.com.
- All source code changes are subject to technical and organizational code reviews by multiple qualified personnel in designated test environments. Our periodic code reviews include manual and automated code reviews, performance tests, (performed by third parties) and dependency checks.
- NemoVote has formal change management to manage changes to software, deployed in the production environment. For more detailed information on NemoVote changes, please refer to the NemoVote Change Log.
- We maintain a detailed rollback process to revert to previous system versions, in the event of an emergency.
- Any changes are reviewed and tested before being released to production systems.
Backup and Restore
- NemoVote creates backups at regular intervals in case of data loss.
- Backups are tested by us regularly and stored securely with our cloud provider (minimum encryption standard AES-256).
- NemoVote has the following disaster recovery objectives for our systems:
- Recovery Time Objective (RTO): 60 minutes
- Recovery Point Objective (RPO): 15 minutes
- Specific password guidelines apply to all our customers through the use of proven user management systems.
- The Voter ID and the vote cast are stored independently and cannot be subsequently linked in the database, ensuring the anonymity of the voter.
- Before a voter’s vote is counted, the vote must be confirmed in a second step. This prevents the vote from being cast accidentally.
In order to prevent votes from being cast without authorization, the vote is checked for it’s authorized casting as well as correctness before it is counted.
- The NemoVote election server also ensures that only as many votes can be cast by a voter as have been assigned to him via the voter lists.
Results are accessible and traceable immediately after each vote for all authenticated and authorized NemoVote users in the app. This also makes it additionally verifiable for the voter whether the respective vote was recorded.
For employees and administrators:
- All accesses of NemoVote developers to our systems are secured by advanced authentication measures.
- We follow the least privilege principle. This means that our employees are only granted access to systems that are absolutely necessary for them.
- All our employees undertake to maintain confidentiality in accordance with Article 5 (1) f) of the General Data Protection Regulation.
- All assigned accesses of employees and administrators are regularly checked for still existing necessity. When an employee leaves, we follow a designated protocol for terminating all assigned accesses.
Security and data protection team
- Our employees, as well as external partners commissioned by us, can demonstrate relevant experience and industry-standard certifications such as “Certified Information Systems Security Professional”, “Certified Cloud Security Professional” of the (ISC)², “Data Protection Officer (IHK)” and “Information Security Officer – ISO (TÜV)”.
- We use Stripe for payment processing in our online store. In this process, we do not store any payment data, but transmit it directly to Stripe.
- Personal data and data from votes will be deleted from all our systems (including backups and archives) after termination of the corresponding NemoVote plan in compliance with legal retention periods. To avoid deletion of your data after termination of the NemoVote plan, so that you are still guaranteed access to your votes, you can use our data reuse packages.