The security of our platform and its users is of paramount importance to us. Learn more about the security measures we use and standards we follow.
From the point you connect to a gateway (dedicated cloud VPN server) in your preferred location, all the data sent and received is hidden from discovery and encrypted via a secure tunnel. We are aware that the gateways are one of the most important parts of GoodAccess, so we put a significant amount of effort into their protection. Access to the gateways is secured against brute-force attacks, which protects them from dictionary attacks, credential stuffing and other malicious techniques that may cause leakage of sensitive data and malfunction of the server. Also, only certificate-based access is allowed.
GoodAccess gateways support IKEv2/IPSec and OpenVPN protocols to establish a secure tunneled interconnection between a user's devices and the desired IT resources. Both are designed to use strong (unbroken) ciphers and algorithms, TLS authentication, MitM protection, Perfect Forward Secrecy, etc. Wireguard implementation is on our roadmap for 2022.
When using GoodAccess, you are assigned either a Team Member or Admin role. Each role has a different choice of authentication methods to prevent unauthorized access and misuse of sensitive data.
The tests cover the following product parts:
As a still another way to improve the security of our products, we are constantly looking for new ways to secure servers, apps, connections and GoodAccess users. This is why we also run a bug bounty program. We appreciate everyone who contributes and helps us to keep our product secured. If you find any vulnerability or security bug, please let us know at firstname.lastname@example.org and we’ll reward you with gift cards that we have prepared for this purpose.
GoodAccess is a privately held, independent company based in the Czech Republic, Europe, that follows European law.
Spitalske namesti 3517/1b
400 01 Usti nad Labem
Czech Republic, Europe
VAT ID : CZ03513386
GoodAccess is compliant with GDPR. As we're located within the EU, we are legally obliged to do so. Besides sticking to GDPR regulations, we also follow ISO 27001, SOC2 best practices.
GoodAccess is SOC2-certified. We adhere to strict internal controls over our information systems and their users, and maintain high standards of security, availability, confidentiality, processing integrity, and privacy.
GoodAccess is certified in the ISO/IEC 27001 standard. We possess a comprehensive matrix of security controls and other forms of risk management, and adhere to internal processes that maintain a high information security on an ongoing basis.
We need to store some personal data of active customers, which is needed to operate our services and for compliance reasons. We also keep contact information to alert customers when fraudulent activity is detected in their network and to share important information about the product and subscription. All our data storage is fully compliant with the strictest GDPR rules.
We have no visibility into the customer's data and content of the communication. GoodAccess:
Careful selection of business partners is a cornerstone for delivering the best possible service. Service providers we partner with are compliant and certified by ISO 27001 and SOC2, data centers where we run our servers have ISO 27001 and SOC2 certification at the minimum, most are also compliant with PCI DSS, SOC1, NIST 800-53 PE.