Security Overview
Last updated: January 2025
Our Security Commitment
At Seesam NFC, security is fundamental to our service. We implement comprehensive security measures to protect your access control infrastructure and user data, and to ensure the integrity of every door access transaction.
Infrastructure Security
Cloud Infrastructure
- Hosting: Amazon Web Services (AWS), Paris region (eu-west-3)
- Compliance: the AWS infrastructure holds SOC 2, ISO 27001 and PCI DSS Level 1 attestations (these cover the underlying cloud platform, not the Seesam NFC application; see Compliance & Certifications below for our own status)
- Redundancy: Multi-availability-zone deployment
- Backup: Automated daily backups with 30-day retention
- Disaster Recovery: RPO of 1 hour, RTO of 4 hours
Network Security
- Web Application Firewall: AWS WAF in front of the public endpoints
- DDoS Protection: AWS Shield Standard (the baseline protection AWS applies to all accounts)
- VPC: Isolated Virtual Private Cloud
- Load Balancing: Auto-scaling with health checks
- TLS: TLS 1.2 or later required for all connections; older SSL/TLS versions are not accepted
Application Security
Authentication & Authorization
- Multi-Factor Authentication: Optional 2FA for admin accounts (not enforced by default; we recommend enabling it for every administrator)
- Password Policy: Minimum 12 characters with complexity requirements
- Session Management: Secure session tokens with automatic timeout
- Role-Based Access Control: Granular permissions system
- Single Sign-On: SAML 2.0 and OAuth 2.0 supported
NFC Security
- Chip Support: MIFARE DESFire EV1 with AES-128 authentication and encryption
- Key Management: DESFire application keys are controlled by customer administrators
- Enrollment Tokens: One-time-use, time-limited tokens
- Mobile Security: Secure element used where the device provides one
- Anti-Cloning: Mutual authentication between reader and credential, so the card must prove knowledge of its key on every access (a copied UID alone does not grant access)
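As an added illustration of what mutual authentication buys against cloning, the Go program below simulates the three-pass AES-128 authentication that MIFARE DESFire EV1 performs (the AuthenticateAES command), with the reader and the card in one process. This is example code written for this page, not Seesam NFC's or NXP's code. The 16-byte key, the nonces and the replaying "clone" are constructed for the demo; the IV chaining and session-key layout follow the EV1 AES scheme as implemented by open-source DESFire libraries.

```go
// Added example, not Seesam NFC code: three-pass DESFire EV1 AES mutual
// authentication, reader (PCD) and card (PICC) sides, plus a key-less clone
// that can only replay a transcript captured from a genuine exchange.
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// rotl1 rotates a 16-byte block left by one byte (RndB -> RndB').
func rotl1(b []byte) []byte {
	out := append([]byte{}, b[1:]...)
	return append(out, b[0])
}

// cbc runs AES-CBC over data and also returns the IV for the next message:
// EV1 chains the IV across the whole exchange, so the last ciphertext block
// of each message becomes the IV of the next one.
func cbc(key, iv, data []byte, encrypt bool) ([]byte, []byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	if len(data) == 0 || len(data)%16 != 0 {
		return nil, nil, errors.New("data is not a whole number of blocks")
	}
	out := make([]byte, len(data))
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, data)
		return out, out[len(out)-16:], nil
	}
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, data)
	return out, data[len(data)-16:], nil
}

// sessionKey derives the EV1 AES session key from the two nonces.
func sessionKey(rndA, rndB []byte) []byte {
	k := append([]byte{}, rndA[:4]...)
	k = append(k, rndB[:4]...)
	k = append(k, rndA[12:]...)
	return append(k, rndB[12:]...)
}

// credential is whatever is presented to the reader: a genuine card or a clone.
type credential interface {
	step1() ([]byte, error)           // answer to AuthenticateAES: E(RndB)
	step2(msg []byte) ([]byte, error) // answer to E(RndA||RndB'): E(RndA')
}

// card models a genuine PICC; its key never leaves it.
type card struct{ key, rndB, iv, session []byte }

func (c *card) step1() ([]byte, error) {
	c.rndB = make([]byte, 16)
	if _, err := rand.Read(c.rndB); err != nil {
		return nil, err
	}
	encB, iv, err := cbc(c.key, make([]byte, 16), c.rndB, true) // IV starts at zero
	c.iv = iv
	return encB, err
}

func (c *card) step2(msg []byte) ([]byte, error) {
	plain, iv, err := cbc(c.key, c.iv, msg, false)
	if err != nil || len(plain) != 32 {
		return nil, errors.New("card: malformed reader message")
	}
	rndA, rndBPrime := plain[:16], plain[16:]
	if !bytes.Equal(rndBPrime, rotl1(c.rndB)) {
		return nil, errors.New("card: reader does not know the key")
	}
	c.session = sessionKey(rndA, c.rndB)
	encA, _, err := cbc(c.key, iv, rotl1(rndA), true)
	return encA, err
}

// clone has no key; it replays messages sniffed from a genuine run.
type clone struct{ encB, encA []byte }

func (k *clone) step1() ([]byte, error)          { return k.encB, nil }
func (k *clone) step2(msg []byte) ([]byte, error) { return k.encA, nil }

// transcript is what a sniffer on the NFC link would capture.
type transcript struct{ encB, msg, encA []byte }

// authenticate is the reader side; it returns the session key on success.
func authenticate(cred credential, key []byte) ([]byte, *transcript, error) {
	encB, err := cred.step1()
	if err != nil {
		return nil, nil, err
	}
	rndB, iv, err := cbc(key, make([]byte, 16), encB, false)
	if err != nil {
		return nil, nil, err
	}
	rndA := make([]byte, 16)
	if _, err := rand.Read(rndA); err != nil {
		return nil, nil, err
	}
	msg, iv, err := cbc(key, iv, append(append([]byte{}, rndA...), rotl1(rndB)...), true)
	if err != nil {
		return nil, nil, err
	}
	encA, err := cred.step2(msg)
	if err != nil {
		return nil, nil, err
	}
	t := &transcript{encB, msg, encA}
	rndAPrime, _, err := cbc(key, iv, encA, false)
	if err != nil || !bytes.Equal(rndAPrime, rotl1(rndA)) {
		return nil, t, errors.New("reader: credential does not know the key (clone or replay)")
	}
	return sessionKey(rndA, rndB), t, nil
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 16) // constructed demo key
	sk, t, err := authenticate(&card{key: key}, key)
	fmt.Printf("genuine card: err=%v session key=%x\n", err, sk)
	_, _, err = authenticate(&clone{t.encB, t.encA}, key)
	fmt.Println("replayed transcript:", err)
}
```

The point to take from the replay case: a sniffer that records a complete, valid exchange still cannot pass, because the reader's RndA is fresh each time and only a party holding the key can produce E(RndA') for it. Symmetrically, a rogue reader that does not know the key fails at the card's RndB' check before any session key exists.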
Data Security
Encryption
- At Rest: AES-256 encryption for all stored data
- In Transit: TLS 1.2+ for all communications
- Key Management: Encryption keys are held in AWS Key Management Service (KMS)
- Database: Encrypted RDS instances
- Backups: Encrypted backup storage
Data Isolation
- Multi-Tenancy: Logical data separation per customer
- Access Controls: Row-level security in the database, scoped to each tenant
- API Isolation: Customer-specific API keys
- Audit Trails: Comprehensive logging of data access
Operational Security
Development Practices
- Secure SDLC: Security integrated into development lifecycle
- Code Reviews: Mandatory peer reviews for all changes
- Static Analysis: Automated security scanning
- Dependency Management: Regular updates and vulnerability scanning
- Version Control: Git with signed commits
Monitoring & Logging
- Real-Time Monitoring: 24/7 system monitoring
- Security Events: Automated alerting for anomalies
- Access Logs: Comprehensive audit trails
- Log Retention: 90 days for security logs
- SIEM: Security events are aggregated and correlated in a Security Information and Event Management platform
On-Premises Security
Backend Connector
- Deployment: On-premises, inside the customer's secure network
- Communication: Outbound-only connections to the cloud service (no inbound ports need to be opened on the customer firewall)
- Offline Mode: Continues operating during network outages
- Updates: Software updates are signed, and the signature is verified before installation
- Hardening: Minimal attack surface, no unnecessary services
Compliance & Certifications
Standards
- GDPR: Full compliance with EU data protection law (Regulation (EU) 2016/679)
- ISO 27001: Information security management (in progress)
- SOC 2: Type II audit (planned for 2025)
- OWASP: Following OWASP Top 10 guidelines
Regular Assessments
- Penetration Testing: Annual third-party testing
- Vulnerability Scanning: Weekly automated scans
- Risk Assessments: Quarterly security reviews
- Compliance Audits: Annual compliance verification
Incident Response
Response Plan
- Detection: Automated monitoring and alerting
- Assessment: Immediate severity evaluation
- Containment: Isolate affected systems
- Eradication: Remove threat and patch vulnerabilities
- Recovery: Restore normal operations
- Lessons Learned: Post-incident review
Communication
- Customer Notification: Within 72 hours of becoming aware of a data breach
- Status Page: Real-time service status updates
- Security Advisories: Proactive vulnerability disclosures
User Security Best Practices
Account Security
- Enable two-factor authentication
- Use strong, unique passwords
- Regularly review user access permissions
- Remove access for departed employees promptly
- Monitor access logs for anomalies
Mobile Device Security
- Keep mobile apps updated
- Use device lock screens
- Enable remote wipe capabilities
- Report lost or stolen devices immediately
- Avoid jailbroken or rooted devices
Security Features by Plan
All Plans Include
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Secure NFC communication
- Regular security updates
- Basic audit logs (30 days)
Professional & Enterprise
- Extended audit logs (90 days)
- Advanced threat detection
- Custom security policies
- Priority security patches
Enterprise Only
- Dedicated security contact
- Custom security assessments
- Compliance reporting
- Security training for administrators
Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities. Please report security issues to:
Email: security@seesamnfc.com
PGP Key: Available on request
We commit to:
- Acknowledge receipt within 48 hours
- Provide regular updates on remediation progress
- Credit researchers (with permission)
- Not pursue legal action for good-faith disclosure
Security Updates
Stay informed about our security practices:
- Security Blog: Monthly security updates
- Email Alerts: Critical security notifications
- Documentation: Detailed security guides
- Training: Security webinars for customers
Contact Security Team
Security Team
Email: security@seesamnfc.com
Emergency: security-urgent@seesamnfc.com
Address: BPW Consulting OÜ, Maakri 23A, Tallinn, Estonia
🔒 Security is Our Priority
We continuously invest in security to protect your access control infrastructure.