Security and data
      Back to home
      1. Help Center
      2. OOTI 101
      3. Security and data

      OOTI and GDPR

      Security of your data and implementation of the GDPR

      At OOTI, we take the security and privacy of your data very seriously. Since the beginning of our adventure, we have always taken care to host your data in Europe in an ultra-secure way.

      With the implementation of the General Data Protection Regulations (GDPR), effective May 25, 2018, OOTI continues to work in this direction by providing you with the following guarantees:

      Nomination of a DPO

      OOTI has appointed an internal Data Protection Officer (DPO) whose responsibility is to monitor the collection and processing of data, train teams in data security and privacy, and report any non-compliance with GDPR standards.

      You can contact our DPO for any questions relating to the GDPR, the security or the confidentiality of your data at privacy@ooti.co.

      Security audit and Privacy Impact assessment

      OOTI has launched a data protection impact analysis, or Privacy Impact Assessment (PIA), to ensure that the processing of your data is respectful of privacy and complies with GDPR standards.

      Collection of data

      OOTI undertakes to collect data concerning you or your company in strict compliance with the rules laid down under the GDPR. You can consult our TOS for more detailed information.

      Data hosting


      Your data is at Amazon Web Services (AWS) on servers in Europe. These data centers are equipped with inverters and generators, video surveillance and motion detection systems as well as security personnel. Their access is strictly controlled and limited to authorized personnel equipped with RFID badges.
      In addition, OOTI hosts your data in your country of practice when technically possible and when this country is deemed adequate according to GDPR standards. So, if you exercise:
      OOTI's physical infrastructure is hosted and managed in Amazon's secure data centers and uses AWS (Amazon Web Service) technology on servers in Europe. Amazon continuously manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon's data center operations have been accredited under:
      ISO27001
      SOC 1 and SOC 2 / SSAE 16 / ISAE 3402 (formerly SAS 70 Type II)
      PCI level 1
      FISMA Moderate
      Sarbanes-Oxley (SOX)
      For more information see: https://aws.amazon.com/security

      PCI

      We use Stripe compliant payment processor for encryption and processing of credit card payments. OOTI's infrastructure provider is PCI Level 1 compliant.

      For more information see: https://stripe.com/docs/security/stripe

      Data security

      Redundancy : Your data is replicated in other geographically distant data centers. In the event of failure of one of them, access to your data automatically switches to another server and allows you to always have access to your data.

      Backups : Your data is backed up once a day. These backups are kept for 3 months in case data restoration is needed.
      Encryption : The data that passes between your terminal and our servers is encrypted using Let's Encrypt Authority X3 certificates with a 2048-bit RSA key.