Galooli is committed to protecting the security, availability, and confidentiality of its customers’ data.
Galooli implements a comprehensive information security program that is based on the ISO 27001 standard. This program includes various security measures of the cloud environment, including access control, data encryption, network security, and data backup and recovery.
Galooli holds ISO 9001 and ISO 27001 certifications. You can access the certificates in our knowledge base at: Quality Standards, Certifications, and Patents.
Galooli assures full compliance with GDPR requirements.
For detailed information on Galooli’s security and privacy policy, please refer to the links bellow
Should you have any questions or concerns, please contact us.
Galooli's Servers Security Level
All Galooli's data is safe and stored on Amazon servers, with the highest security level.
You can find more information about the server's security at the following links:
Galooli Data Protection
Galooli is committed to the most rigorous standards of information security, and operates in compliance with all applicable information security laws and regulations, including the GPDR.
Our cloud is hosted on AWS US.
According to the Data Privacy Framework (PDF) Program Overview, “On the basis of the EU-U.S. DPF Principles, Executive Order 14086, 28 CFR part 201, and accompanying letters and materials, including the commitments by the U.S. Department of Commerce’s International Trade Administration (ITA) regarding the administration and supervision of the Data Privacy Framework (DPF) program, the European Commission was able to adopt a new adequacy decision recognizing the adequacy of protection provided by the EU-U.S. DPF. The European Commission’s new adequacy decision affirms that the strengthened safeguards in U.S. law on signals intelligence activities, new redress mechanism, and the amended privacy principles under the EU-U.S. DPF meet EU legal requirements thereby enabling participating organizations to use the EU-U.S. DPF Principles to transfer EU personal data to the United States in compliance with EU law.” For further details visit:
Data Backups and Recovery
Galooli's Information Security Policy, Disaster Recovery Plan (DRP), and Business Continuity Plan delineate backup procedures and data recovery protocols for various scenarios, encompassing instances such as server unavailability, employee incapacitation, office space disruption, and database corruption or catastrophe.
Galooli’s source code is managed and will be securely backed up to a separate cloud.
Database backups are conducted on a daily basis for active databases.
Security Training procedures establish precise timelines for both full and partial retrieval of essential data components.
Galooli conducts regular security audits to identify and fix any security vulnerabilities in its services.
Galooli discontinues the processing of information that is no longer deemed necessary. In such cases, every reasonable measure is taken to ensure that the information remains inaccessible through conventional means, even including the restoration process utilizing backup facilities.
Galooli Security Layers
Unit Protection | Login | Protocol Between | System Architecture | Development | General |
|---|---|---|---|---|---|
Propriety protocol between on-site units to servers | Password managing
|
Token based connectivity |
Server systems are departmentalized, with different secured VPCs without the possibility of accessing DB |
Separated environment for test and production | ISO 27001 |
Optional adding Private APN/ Restricted APN
| SSO Login
| Fully secured client-server communication - HTTPS | AWS environment
|
| GDPR |
ID to every unit
| Recapture V3
| End Clients installed applications are fully signed | Replicating the systems in case of an emergency |
|
|
Audit trail
| IDP Engine
|
|
|
|
|
RBAC
| Allowed IPs
|
|
|
|
|
Access & Security Configuration
Galooli allows its users to easily set Access and Security Settings. For further details see the following links:
Security & Privacy FAQ
Question | Answer |
|---|---|
“What security and privacy measures has AWS implemented to protect customer data, and how does their Data Processing Agreement (DPA) relate to GDPR compliance?” | AWS has implemented a comprehensive set of security and privacy measures to protect customer data, including data encryption, access control, and audit logging. AWS also offers a Data Processing Agreement (DPA) that incorporates AWS's commitments as a data processor under the GDPR. |
"What are the storage requirements for personal data under the GDPR, and how does it relate to the protection of EU residents' personal data?" | The GDPR does not specify where data must be stored (although it does require that data controllers take appropriate measures to protect the personal data of EU residents). |
“What is the level of GDPR compliance in AWS data centers located in the US, especially in North Virginia, and where can I find up-to-date documentation on this matter?” | All AWS data centers are compliant with DGPR, including the ones in the US in general, and North Virginia in particular. See for example this up-to-date White Paper by AWS: Navigating GDPR Compliance on AWS - AWS Whitepaper (amazon.com) |
“What kind of information Galooli processes? “ | The kind of information Galooli processes is detailed in Galooli's Privacy Policy, especially in the sections “Data,” and “Data Collecting.” The latter reads: "Data is collected under the legitimate business interests of the Asset Owner to enable it to monitor aspects such as, but not limited to: Asset Location, Fleet Optimization, Road and Driver Safety, Environmental Impact, Fuel Usage, Power usage." |