Security

Hosting & Data Centers

EquipPanel is built on enterprise-grade infrastructure with redundancy and high availability:

• Cloud Hosting: Global edge network with automatic SSL/TLS encryption and DDoS protection
• Database Infrastructure: Enterprise-grade database infrastructure with EU-based data centers
• Data Residency: Primary data storage within the European Economic Area (EEA) for GDPR compliance
• Redundancy: Automated backups, failover systems, and disaster recovery procedures
• Uptime: High uptime SLA with monitoring and automatic incident response

Network Security

• DDoS Protection: Distributed denial-of-service attack mitigation and rate limiting
• Firewall Protection: Network-level firewalls and intrusion detection systems
• Secure Protocols: All connections use modern Transport Layer Security (TLS) encryption (HTTPS only)
• IP Filtering: Advanced threat detection and blocking of suspicious IP addresses

Encryption in Transit

All data transmitted between your device and our servers is encrypted:

• TLS/SSL: All connections use modern Transport Layer Security (TLS) encryption
• HTTPS Only: All web traffic is encrypted and authenticated using HTTPS
• Certificate Management: Automated SSL certificate renewal and management
• Perfect Forward Secrecy: Ephemeral key exchange for enhanced security

Encryption at Rest

All data stored in our databases and file storage is encrypted:

• Database Encryption: All databases encrypted at rest using industry-standard encryption
• File Storage: All uploaded files (documents, images, attachments) encrypted at rest
• Backup Encryption: Automated backups are encrypted before storage
• Key Management: Encryption keys managed securely with rotation policies

Password Security

• Hashing: Passwords are hashed using industry-standard algorithms with salt before storage
• Password Requirements: Minimum length and complexity requirements enforced
• No Plain Text: Passwords are never stored in plain text or transmitted unencrypted
• Session Management: Secure session tokens with expiration and refresh mechanisms

Authentication

• Secure Authentication: Industry-standard authentication with secure token-based session management
• Email Verification: Email verification required for new account creation
• Password Reset: Secure password reset flow with time-limited tokens
• Session Timeout: Automatic session expiration after inactivity

Role-Based Access Control (RBAC)

Multi-level access control ensures users only access data they are authorized to view:

• Admin: Full access to all company data, settings, billing, and team management
• Operator: Can create/edit logs, manage maintenance, upload documents (limited access)
• Viewer: Read-only access to equipment data and logs (no modifications)
• Role Enforcement: Server-side and database-level role checks prevent unauthorized access

Data Isolation

Strict multi-tenant architecture ensures complete data isolation between companies:

• Database-Level Security: Database-level security policies enforce company data isolation
• Query Filtering: All database queries automatically filter by company to prevent data leakage
• Storage Isolation: File storage organized by company with access controls
• API Protection: All API endpoints verify company ownership before data access

Input Validation & Sanitization

• Input Sanitization: All user inputs are validated and sanitized to prevent injection attacks
• File Validation: File uploads validated for type, size, and content to prevent malicious files
• SQL Injection Prevention: Parameterized queries prevent SQL injection
• XSS Protection: Content Security Policy (CSP) and input sanitization prevent cross-site scripting
• Path Traversal Prevention: File paths validated to prevent directory traversal attacks

Rate Limiting

• API Rate Limiting: Per-user and per-company rate limits prevent abuse and DDoS attacks
• Upload Limits: File upload rate limiting to prevent storage abuse
• Authentication Limits: Login attempt rate limiting to prevent brute force attacks
• Persistent Tracking: Rate limiting tracked persistently for accurate enforcement

Security Monitoring

• Security Event Logging: All security events logged with IP addresses and user agents
• Anomaly Detection: Automated detection of suspicious activities and unauthorized access attempts
• Audit Logging: Comprehensive audit logs for all data access and modifications
• Real-Time Monitoring: 24/7 monitoring of security events and system health

Regular Security Audits

• Code Reviews: All code changes reviewed for security vulnerabilities
• Dependency Scanning: Regular scanning of dependencies for known vulnerabilities
• Penetration Testing: Regular security assessments and penetration testing
• Vulnerability Management: Prompt patching of identified security vulnerabilities

Automated Backups

• Regular Backups: Automated backups of all databases and file storage
• Encrypted Backups: All backups encrypted before storage
• Retention Policy: Backups retained according to our retention policy

Disaster Recovery

• Recovery Procedures: Disaster recovery procedures in place to restore service in case of incidents

GDPR Compliance

EquipPanel is fully compliant with the General Data Protection Regulation (GDPR):

• Data Processing Agreements: GDPR-compliant data processing agreements with all service providers
• Data Subject Rights: Full support for data access, deletion, portability, and other GDPR rights
• Privacy by Design: Security and privacy considerations built into all features
• Data Minimization: Only collect and process data necessary for service delivery
• Cookie Consent: Granular cookie consent system with user preference management

For more information, see our GDPR Compliance page.

Service Provider Compliance

• Database & Storage Providers: All providers are GDPR compliant and maintain industry-standard security certifications
• Hosting Provider: GDPR compliant with industry-standard security certifications
• Payment Processor: PCI DSS certified and GDPR compliant

Security Incident Procedures

We have established procedures for detecting, responding to, and notifying users of security incidents:

• Detection: Automated monitoring and alerting for security events
• Response: Incident response team with defined roles and responsibilities
• Containment: Rapid containment procedures to limit impact of security incidents
• Notification: Prompt notification of affected users in case of data breaches (within 72 hours as required by GDPR)
• Remediation: Post-incident review and remediation to prevent future incidents

Reporting Security Vulnerabilities

If you discover a security vulnerability, please report it responsibly to security@equippanel.com. We appreciate responsible disclosure and will work with you to address any issues promptly.

Access Controls

• Principle of Least Privilege: Employees only have access to data necessary for their role
• Access Logging: All employee access to customer data is logged and audited
• Regular Access Reviews: Periodic review of employee access rights

Employee Training

• Security Training: All employees receive security awareness training
• Data Protection Training: Regular training on GDPR and data protection requirements
• Incident Response Training: Training on security incident response procedures
• Code of Conduct: Clear security policies and code of conduct for all employees

Service Providers

• Database & Storage Providers: All providers are GDPR compliant and maintain industry-standard security certifications
• Hosting Provider: GDPR compliant with industry-standard security certifications
• Payment Processor: PCI DSS certified and GDPR compliant

Data Processing Agreements

All service providers have signed data processing agreements (DPAs) that comply with GDPR requirements and include appropriate security and data protection measures.