Dealfront Security Summary

Your security at Dealfront is our top priority.

Paul Faure avatar
Written by Paul Faure
Updated over a week ago

Your security at Dealfront is our top priority. Below are some common questions and concerns when it comes to security. We are always updating our Help Center, but if you have an additional question, feel free to email us


Employee access

Customer data is only accessible by those who need to access it for their work, for example, Technical support.

Employee contractual confidentiality

All our staff contracts have clauses on confidentiality.

Access to customer data is logged

Access by our staff to any customer data is logged in detail.

Internal practices

Security & privacy policies

We have internal security and privacy policies in place to support our staff with dos and don’ts of handling customer data. These policies are built in accordance with international standards.

Device management

We enforce and implement the following practices on staff workstations and mobile devices

  • Disk encryption

  • Lock screen

  • Controlled updates

  • Endpoint Detection and Response software (EDR antivirus)

  • Secure networks and firewalls

  • Mobile device remove wipe/management

Security & privacy training

All our staff members receive security and privacy training at on-boarding and on an ongoing basis.

Penetration testing

We do penetration testing continuously.

Data Centres

Amazon Web Services

All our servers and data are hosted on Amazon Web Services within the EU/EEA area.

You can read about Amazon’s security features and compliance from:



Access to our websites, applications, and APIs is always secured with HTTPS.

Any data transferred to and from our integrations is encrypted.

Where applicable, intra application communication is also encrypted.

At rest

Our databases, logs, caches, and other storage where we keep customer data are encrypted at rest.

Technical details

  • At rest, AES-256 encryption is used.

  • Transit in and out of Dealfront systems is always HTTPS encrypted (TLS 1.2 – 1.3. RSA with AES128 GCM SHA256)

  • Intra-application transit, inside our production network, is AES-256 encrypted.



We implement various mechanisms and are constantly improving the monitoring of our networks, servers, and applications. We monitor errors, availability, system behavior, load, and other resource usage.

  • Servers

  • Networks

  • Applications


We backup our customer data hourly, daily, and weekly. We routinely test our recovery mechanisms and monitor backup integrity and backup processes run as expected.

Disaster recovery

Our production infrastructure is built on fault-tolerant systems that ensure that customer data is stored redundantly across multiple data centers (AWS Availability Zones).

In addition, our production infrastructure provisioning is fully automated. In case of lost server instances due to hardware failures or others, we can start replacements quickly and safely with automated procedures.

Our technical staff is always on call and will be alerted in cases of failures or warnings in the system.

Production infrastructure

We implement various industry best practices on securing our production infrastructure.

2FA access enforced

Two-factor authentication is required for accessing production resources.


Databases, application instances, caches, and other servers have been firewalled to only allow minimal required access both in our internal network and from outside.

Network monitoring of suspicious activity

We implement automated monitoring and logging of suspicious network activity, such as brute force attacks or denial-of-service attempts.

Detailed logging

Access, changes to, provision and decommission of any servers or resources are logged in detail.


With Dealfront’s privileges and access controls you can manage who can access and which data.

User privileges

Users can be configured to have limited access or privileges to make changes to Dealfront settings.

Google and Microsoft login

We currently support Google and Microsoft federated login methods.

When Microsoft login is used, Dealfront requests only minimal permissions: openid, email,


Dealfront Group is ISO 27001 and ISO 27701 certified. For more information, please download our comprehensive security kit containing the ISO certificate files, Dealfront Information Security Policy, bug bounty program overview and more detailed FAQ.

Cloud Security Alliance (CSA) STAR Level One

Dealfront has completed the industry standard CSA CAIQ questionnaire containing answers to 261 questions in total in the field of security and privacy. You can find our submission, including the questionnaire file over here.

Other resources

Our comprehensive legal kit is available over here.

Contacting us

Please feel free to contact us if you have questions regarding our privacy or practices. You can email us at

If you need a printed version of this information you can use the 'print' and 'save as PDF' option from your web browser.



Did this answer your question?