Flipsnack Security Portal

At Flipsnack, we believe in maintaining transparency and building trust with our customers, and this portal is designed to provide you with the information and security guarantees you need to feel confident in our ability to protect your data. Here, you can access our compliance documentation, find answers to frequently asked questions related to privacy and security, and explore our robust security practices.

Our security protocols are audited, verified and certified


Data & Information Security

Encryption at rest

For data at rest, we use AWS Key Management Service (AWS KMS) to store and manage encryption keys, and the Advanced Encryption Standard algorithm with 256-bit keys (AES-256) to perform the encryption.

Encryption in transit

With regard to data in transit, we use SSL for every request between our customers and Flipsnack, with a key size of 2048 bits, and the SHA-256 with RSA encryption algorithm.

Physical security

Flipsnack’s infrastructure is hosted on Amazon Web Services (AWS) and benefits from AWS’s industry-leading physical security controls, as described here. Additionally, Flipsnack offices are covered by our internal Physical Security Policy and Procedures. Further details are available here.

Data Retention

Flipsnack will retain your personal data as long as your account is active.

Data Erasure

If you wish to delete all of your data from Flipsnack, please follow the instructions provided in this Help Center article: How to erase all your Flipsnack data.
You may request that we delete the personal information we have collected from you by emailing privacy@flipsnack.com.

Application & Infrastructure security

Status page

Flipsnack's Incident Response Team follows the documented Incident Response Plan and Procedures, which includes the obligation to notify customers within 24 hours. Furthermore, customers are notified in real time about the status of the Flipsnack application if they subscribe to status.flipsnack.com.

Uptime monitoring

We maintain a high level of availability on our platform, averaging over 99.999%.

DDoS protection

We are using AWS Cloudfront and WAF for DDoS protection.

Business Continuity and Disaster Recovery Program

Flipsnack ensures business resilience through a comprehensive Disaster Recovery Policy and Continuity Plan, reviewed annually by our Information Security Unit. The communication plan is dedicated to the emergency team responsible for handling critical events/incidents. Customers are informed only if they are impacted outside of the agreed SLA. All the ISMS documents, including the Business Continuity Plan, are reviewed yearly in order to be updated with the changes according to the rules (strategy) specified in the Documented Information Procedure.

Data Loss Prevention

We have a centralized log and event solution integrated into AWS. Our firewall and DDoS protection solutions include, but are not limited to, AWS Cloudfront and AWS WAF.

Data Centers

Flipsnack’s primary data centers are hosted on AWS in Virginia, USA.

Separate Production Environment

Production environments are distinct and isolated from non-production environments to ensure the stability, security, and integrity of the live application used by end-users.

Incident Response

Flipsnack has incident response plans in place in the event of a breach of an information system.
RPO/RTO capabilities and their comparison to the RPO/RTO requirements are elaborated on in the criticality assessment. There are separate environments for testing purposes, and customers are not affected at all. Our RTO is 60 minutes, and our RPO is 30 minutes.

Security Risk Management & Assurance

Third-Party Dependence

All flipbooks and data are hosted and delivered using redundant services, including AWS EC2 (Elastic Compute Cloud), AWS S3 (Simple Storage Service), and Cloudfront.

Hosting

Flipsnack relies on Amazon Web Services (AWS), a leading cloud computing platform, for its hosting services.

Security Measures

To maintain the integrity and security of our platform, Flipsnack conducts ongoing penetration testing, with results available in a public report. Additionally, regular vulnerability scans are performed on our platform to identify and mitigate potential security risks proactively. These measures are part of our comprehensive security strategy to protect our users' data and ensure a secure environment.

Public Pen Test

Flipsnack performs penetration and vulnerability testing at least once a year, conducted by third-party cybersecurity experts, as described in our Public Pen-test.

SOC 2 Report

Flipsnack utilizes hosting services from AWS, which is known for its robust infrastructure. Additionally, AWS has a SOC2 report in place, demonstrating its commitment to meeting high standards for security, availability, and confidentiality, and Flipsnack benefits from AWS's SOC2 compliance. The SOC2 report can be accessed through a Non-Disclosure Agreement (NDA) and can be requested at legal@flipsnack.com.

Network Diagram

The Network Diagram from Flipsnack can be accessed through a Non-Disclosure Agreement (NDA) and can be requested by contacting legal@flipsnack.com.

Certificates

Product & Platform Security

Multi-Factor Authentication

Two-factor authentication (2FA) is a security measure that requires users to provide two forms of authentication to access sensitive data and resources. Flipsnack’s 2FA adds an extra layer of security to user accounts by requiring a second factor in addition to the standard username and password. This makes it more difficult for attackers to gain access to sensitive data and resources, even if they manage to obtain a user's password.

Role Based Access

Flipsnack implements a Role-Based Access Control (RBAC) security model, which limits access to resources based on the specific roles and responsibilities of users within the organization. This model ensures that each user has the appropriate level of access according to their position in the hierarchy:

  • Owner: The person who created the account and has ultimate control over it.
  • Administrator: Has the same access as the owner, but multiple administrators can exist.
  • Editor: Can fully edit flipbooks but does not have access to Billing and Settings.
  • Agent: Has access only to their own flipbooks and cannot access Billing and Settings.
  • Contributor: Can create, edit, and view their own flipbooks, but these can only be published by the Owner, Administrators, or Editors.

By utilizing RBAC, Flipsnack ensures a secure and efficient distribution of access rights, enhancing overall security and operational efficiency.

Data Access

Flipsnack considers all customer data confidential, irrespective of its classification. Only employees whose job roles require it can access this confidential information, and solely in situations where it is essential to provide a specific service to the customer or support service delivery. In these instances, employees are directed to access only the minimum amount of confidential information needed to complete their tasks. Upon termination of employment, system access is revoked within 24 hours.

SSO

Flipsnack's Single Sign-On (SSO) mechanism allows users to log in once and access multiple applications without the need to re-enter their credentials. This feature enhances security by minimizing the number of login credentials users must remember, reducing the risk of password reuse, and improving overall password security. Additionally, SSO simplifies access management for administrators, who can manage user access to various applications from a single location.
Flipsnack supports various SSO providers, including OpenID and Okta, to ensure seamless and secure user access. This integration not only streamlines the user experience but also provides robust security measures, safeguarding user data and access to the platform.

Account Activity (Logs)

We monitor account activity logs and can help organizations detect and respond to potential security incidents quickly. By monitoring logs, Flipsnack can identify suspicious activity, such as multiple failed login attempts or unauthorized access attempts, and take appropriate action. Regularly reviewing account activity logs can help organizations detect security incidents early and reduce the impact of a potential breach.

SSL certificate

An SSL (Secure Sockets Layer) certificate is a digital certificate that encrypts data exchanged between a web server and a web browser. SSL certificates ensure that sensitive information, such as login credentials and payment information, is transmitted securely over the Internet. Flipsnack ensures that our website has an SSL certificate to protect user data from interception by attackers.

Password Protected Pages

Flipbook password-protected pages are a simple but effective way to restrict access to sensitive data and resources. Password-protected pages require users to enter a password to access the content, adding an extra layer of security. Passwords should be strong and complex, and users should be required to change their passwords periodically to reduce the risk of unauthorized access.

Custom Domain Security Settings

Custom domain security settings allow Flipsnack’s enterprise users to control who can access their website from specific domains or IP addresses. This feature can be useful for organizations that want to restrict access to their website from certain locations, such as countries or regions where they do not do business. Custom domain security settings can help organizations prevent unauthorized access and reduce the risk of cyberattacks.

Share catalogs with specific email addresses

Only the people you invite via email will have access to your catalogs. The invited people will have to create a Flipsnack account in order to read your catalogs. This option allows you to restrict access to your documents to a handful of people. Only the particular individuals that you decide to invite will be allowed to view your files and their identities will be verified through authentication.

Code Analysis

At Flipsnack, code analysis is a critical component of our secure development process. We employ both static and dynamic code analysis techniques to identify and address vulnerabilities early in the development lifecycle.

Credential Management

At Flipsnack, credential management is a top priority to ensure the security of our users' information. We implement stringent policies and best practices for handling and storing credentials. This includes using strong encryption methods, enforcing multi-factor authentication, and regularly rotating passwords.

Secure Development Policy

Flipsnack's Secure Development Policy ensures that security is embedded into every stage of our product development lifecycle. We follow industry best practices and conduct regular security assessments to identify and mitigate potential vulnerabilities.

Vulnerability & Patch Management

Flipsnack adheres to a formal vulnerability management process and applies patches based on a documented SLA. We also use golden images for critical security patches and updates: we make modifications to these golden images, test them, and replace existing instances with new ones based on the golden images.

People & Operational Security

Employee Training

Here at Flipsnack, we’re focused on creativity and innovation, but we also work together to meet the highest security standards. Flipsnack's Security Unit Team and the Compliance Department provide information security training on an ongoing basis to all employees.

Security Unit Team

Flipsnack has established an Internal Security Unit comprising DevOps professionals, developers, and compliance officers tasked with enforcing secure practices and addressing security incidents promptly and efficiently. Additionally, this unit plays an important role in coordinating the development and implementation of a secure foundation across the entire company.

Policies

Flipsnack has implemented comprehensive policies and procedures to establish a common baseline for information security standards and employee guidance. Flipsnack's policies and procedures are reviewed and updated whenever necessary, but at least annually.

Our Security Standards

The OWASP (Open Web Application Security Project) Top 10 list is a cornerstone of our security framework, guiding our efforts to protect against the most critical web-based threats.

Mobile Device Management

Flipsnack's DevOps department prioritizes security using a Mobile Device Management (MDM) solution to effectively manage and track company-owned devices. This implementation enhances data protection, enforces security policies, and provides real-time visibility into device activities, fortifying our commitment to safeguarding sensitive information. The MDM solution contributes significantly to a secure and resilient infrastructure, mitigating potential risks associated with mobile device usage within the organization.

Zero trust

Flipsnack runs a zero-trust corporate network, meaning every employee has to authenticate to access any of Flipsnack's resources.

Endpoint Detection

We are using AWS GuardDuty for the active scanning of our endpoints.

Quality Assurance

At Flipsnack, quality assurance is integral to our operations. We adhere to strict quality standards to ensure our products and services meet the highest levels of reliability and performance. Our commitment to continuous improvement and regular audits guarantees that we consistently deliver exceptional value and security to our customers.

Cookies

Flipsnack's cookie policy can be found at the following link: https://legal.flipsnack.com/cookie-policy

Data Breach Notification

Further details regarding Flipsnack's obligations on technical measures for security breach notifications are available in Section 3 of the DPA.

Data Privacy Officer

Flipsnack has an appointed Data Protection Officer (DPO). If you have any inquiries or concerns, please contact our DPO at dpo@flipsnack.com.

Data Privacy Framework

Flipsnack participates in the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), which were developed to facilitate transatlantic commerce by providing U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area, the United Kingdom (and Gibraltar), and Switzerland that are consistent with EU, UK, and Swiss law.

Confidential Information

Confidential information should also be given special attention. With policies in place and our Security Unit Team, we ensure that sensitive information is handled appropriately and protected from unauthorized access or disclosure.

Transparency

Transparency is a key component of Flipsnack’s privacy program, with clear and concise privacy policies and notices that explain how customer data is collected, used, and shared. We believe in transparency and accountability, which is why we have appointed a Security Unit Team to oversee our Privacy Program and ensure compliance with data protection laws.

Sub-processors

Flipsnack's engagements with subprocessors are guided by rigorous contractual obligations prioritizing customer data privacy and visibility. The sub-processors list can be accessed here.

Non-Disclosure Agreement

Our standard Non-Disclosure Agreement (NDA), designed to simplify the process, can be accessed and signed at this link: https://legal.flipsnack.com/nda.

Master Services Agreement

Flipsnack’s MSA can be requested at legal@flipsnack.com.

Privacy Policy

Additional information concerning the privacy policy can be downloaded here.

Terms of Service

Flipsnack’s Terms of Service can be downloaded here.

Flipsnack AI

Flipsnack’s AI features are powered by OpenAI technologies. We ensure that the use of OpenAI services aligns with strict security and privacy standards. OpenAI processes data securely and follows a "Zero Data Retention" policy for Service Data—meaning no Service Data is stored or used for model training once an output is delivered. Additionally, all data processed by OpenAI is encrypted in transit, and no Service Data is hosted or persisted within their systems. This approach helps us maintain a strong commitment to data privacy, compliance with GDPR and other data protection laws, and the protection of our customers' information. Flipsnack’s AI Policy can be accessed here.

Code of Business Conduct and Ethics

The Flipsnack Code of Business Conduct and Ethics establishes legitimate and moral guidelines for the Company's chiefs, leaders, and representatives. This Code urges the Company to work with high integrity and in accordance with every appropriate law and guideline. All the details about Flipsnack's Code of Business Conduct and Ethics can be found here.

Talk to us if you have questions

If you still have questions about privacy or security, or if you think you may have found a vulnerability, please get in touch with us at privacy@flipsnack.com.
Learn more about Flipsnack by reading our Terms of service and Privacy policy.