Why is Security Our
Top Priority?

At Surfy, the security of information systems is not an option, but an absolute priority. Our Security Assurance Plan (SAP) reflects this unwavering commitment to the protection, integrity, and confidentiality of our clients' data. Through a rigorous approach, advanced authentication technologies, and a robust infrastructure, we ensure proactive defense against threats, while guaranteeing optimal business continuity. Surfy is committed to maintaining and enhancing user trust through impeccable security.

Surfy's Commitment to Security

At Surfy, the confidentiality, integrity, and availability of our clients' information are at the heart of our concerns. We adopt a multidimensional approach to protect these essential informations through continuous control and improvement of our applications, systems, and processes.

Compliance and Certifications

Our hosting centers comply with international security standards such as ISO 27001, SOC 1, and SOC 2/SSAE 16/ISAE 3402, thus ensuring optimal protection of your data, hosted exclusively in France with Microsoft Azure France.

Concrete Actions for Flawless Security

Web Platform Security

The Surfy web platform is secured by HTTPS, ensuring a secure connection and the protection of your data and passwords during their transit on the Internet.

Database and Server Protection

We ensure that all security patches and fixes are installed immediately, thus guaranteeing the security and redundancy of our database.

Rigorous Access and Password Management

User authentication is performed via JWT tokens and individual Office 365 or Google accounts via OAuth2, or enterprise accounts in accordance with the OpenId protocol. Surfy delegates the creation and management of passwords to Auth0, a leader in security.

Commitment to the CNIL

Surfy is registered with the CNIL under declaration number 1866472 v 0, highlighting our commitment to the protection of personal data.

Our Security Assurance Plan

Our commitments to the security of data and applications hosted on our platform, accessible via https://app.surfy.pro.

Uncompromising Security at Every Level

Adaptability and Vigilance: At Surfy, security is not just a policy; it's a culture integrated into our daily life. Our dynamic approach ensures quick adaptation to new threats, with a continuous commitment to train and inform our teams on best practices in information systems security (ISS).

Operational Excellence

Rigorous Resource Management: The meticulous classification and mapping of our IT assets allow us to maintain constant vigilance and apply targeted and effective access management, thus ensuring the maximum protection of sensitive data.

Secure Authentications and Access

The use of the most advanced authentication technologies, such as electronic certificates and Multi-Factor Authentication (MFA), strengthens our security barrier, preventing unauthorized access to our systems and data.

Robust and Resilient Infrastructure

Physical and Environmental Security

Physical access control to premises and traceability of visits are rigorously managed to prevent any unauthorized access, thus complementing our IT security with unwavering physical security.

System Hardening

We adopt a proactive security posture through the hardening of IT resources, systematic deployment of critical updates, and a relentless fight against malware, thus ensuring a solid defense against vulnerabilities.

Ensured Business Continuity

Preparation and Reactivity: Our Business Continuity Plan (BCP) is designed to ensure resilience and rapid recovery of our services in the event of an incident. Thanks to a highly redundant infrastructure and proven backup and restoration procedures, we guarantee continuous availability of our services.

Secure Collaboration

Strengthened Partnerships: Rigorous security management with our subcontractors and partners strengthens our security ecosystem, ensuring a solid trust chain throughout our value chain.

Continuous Evolution and Adaptation

Audit and Improvement: Regular audits, both internal and external, allow us to measure the effectiveness of our security policies and identify areas for improvement, thus ensuring that our security posture continually evolves to counter emerging threats.