Need help? Call us:

+31 617973354

Data Security Policy

1. Cyber Security


Protaso takes the security of your data and our infrastructure very seriously. We are committed to providing an environment that is safe, secure, and available to all of our customers.

2. Physical Security


Our partners datacenters are co-located in some of the most respected datacenter facility providers in the world. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry.

3. Infrastructure Security


Protaso’s infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function utilizing the principle of least privilege. All access to the ingress points are closely monitored, and are subject to stringent change control mechanisms.

Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. We consider any system which houses customer data that we collect, or systems which house the data customers store with us to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.

Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.

4. Access Logging


Systems controlling the management network at Protaso log to our centralized logging environment to allow for performance and security monitoring. Our logging includes system actions as well as the logins and commands issued by our system administrators.

5. Security Monitoring


Protaso’s Cyber Security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures.

6. Machines Security & Employee Access


The security and data integrity of customer machines is of the utmost importance at Protaso. As a result, our technical support staff do not have access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only select engineering teams have direct access to the backend hypervisors based on their role.

7. Snapshot and Backup Security


Snapshots and Backups are stored on an internal non-publicly visible network on NAS/SAN servers. Customers can directly manage the regions where their snapshots and backups exist which allows the customer to control where their data resides within our datacenters for security and compliance purposes.

8. Payment Data Security


Credit / debit card purchases for Protaso services are processed by the third-party vendors ING and Stripe. When our customers provide their credit / debit card information on our website the data is sent to ING or Stripe, i.e., the payment data is not stored on our systems.

For PayPal transactions, Protaso passes the request to PayPal and the transaction occurs directly on the PayPal website. Therefore, the payment data is not stored on our systems. Both Stripe and PayPal power online financial transactions for thousands of businesses globally, and they are compliant with PCI-DSS standards for the storage and handling of payment information.

9. Support


We will be more that happy to answer your questions, so please create a ticket message at hello@protaso.nl.

1. Cyber Security

Protaso takes the security of your data and our infrastructure very seriously. We are committed to providing an environment that is safe, secure, and available to all of our customers.

2. Physical Security

Our partners datacenters are co-located in some of the most respected datacenter facility providers in the world. We leverage all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry.

3. Infrastructure Security

Protaso’s infrastructure is secured through a defense-in-depth layered approach. Access to the management network infrastructure is provided through multi-factor authentication points which restrict network-level access to infrastructure based on job function utilizing the principle of least privilege. All access to the ingress points are closely monitored, and are subject to stringent change control mechanisms.

Systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC). RBAC ensures that only the users who require access to a system are able to login. We consider any system which houses customer data that we collect, or systems which house the data customers store with us to be of the highest sensitivity. As such, access to these systems is extremely limited and closely monitored.

Additionally, hard drives and infrastructure are securely erased before being decommissioned or reused to ensure that your data remains secure.

4. Access Logging

Systems controlling the management network at Protaso log to our centralized logging environment to allow for performance and security monitoring. Our logging includes system actions as well as the logins and commands issued by our system administrators.

5. Security Monitoring

Protaso’s Cyber Security team utilizes monitoring and analytics capabilities to identify potentially malicious activity within our infrastructure. User and system behaviors are monitored for suspicious activity, and investigations are performed following our incident reporting and response procedures.

6. Machines Security & Employee Access

The security and data integrity of customer machines is of the utmost importance at Protaso. As a result, our technical support staff do not have access to the backend hypervisors where virtual servers reside nor direct access to the NAS/SAN storage systems where snapshots and backup images reside. Only select engineering teams have direct access to the backend hypervisors based on their role.

7. Snapshot and Backup Security

Snapshots and Backups are stored on an internal non-publicly visible network on NAS/SAN servers. Customers can directly manage the regions where their snapshots and backups exist which allows the customer to control where their data resides within our datacenters for security and compliance purposes.

8. Payment Data Security

Credit / debit card purchases for Protaso services are processed by the third-party vendors ING and Stripe. When our customers provide their credit / debit card information on our website the data is sent to ING or Stripe, i.e., the payment data is not stored on our systems.

For PayPal transactions, Protaso passes the request to PayPal and the transaction occurs directly on the PayPal website. Therefore, the payment data is not stored on our systems. Both Stripe and PayPal power online financial transactions for thousands of businesses globally, and they are compliant with PCI-DSS standards for the storage and handling of payment information.

9. Support

We will be more that happy to answer your questions, so please create a ticket message at hello@protaso.nl.