The security of data at Lizee

The topic of data security is a central concern for Lizee to ensure confidentiality and protection. Here is a range of information that you may need to better understand the data security methods at Lizee.

Security of data

Some details on the data security measures in place:

• Our data is stored in databases hosted on servers located in France.
• Access to these databases is strictly limited to individuals who fundamentally require them, including:
  • Developers who may need to intervene in problem resolution.
  • The data team.
• Data in non-production environments is encrypted.

What type of data backup do we have? What is its duration?

These databases are backed up using two applications:

• CleverCloud: Retention period of 7 days.
• OVH: Storage server with a retention period of 30 days.

According to the backups, CleverCloud or OVH, is database versioning properly removed beyond the mentioned deadlines?

Yes, there are retention periods of 7 days and 30 days for CleverCloud and OVH, respectively. Backups are deleted after 30 days for CleverCloud and 7 days for OVH.

How long are order data stored on Sylius?

The data for completed orders is retained for the duration of the site (including data, etc.). Data for carts (incomplete orders) is deleted after 3 months without any changes to that cart.

Double Authentication

Is two-factor authentication implemented?

Two-factor authentication is required to access the data server management interfaces. However, there is no two-factor authentication for direct user access to our applications.

Is there a roadmap for implementing two-factor authentication on the apps used by our employees?

No, implementing two-factor authentication on our tools is not a priority for us at this time.

Do you have a process for closing accounts during personnel changes?

User account data (clients) is deleted after 1 year of inactivity on the client's site. For accounts related to our tools, we remove access upon request.