Data and Security Policy

Introduction

Mainter AB (hereinafter referred to as “Mainter“) believes that it is important that the data you provide as a customer by using the cloud service is protected and that the information does not disappear, is not disclosed or in some other manner ends up in the wrong hands. In this Data and Security Policy you will gain a better understanding of how data is stored and processed by Mainter in a secure manner.

The service

Mainter’s service is web based and accessible via a web browser or an app. This means that the users never need to install anything on their units. Our apps for iOS and Android can be easily installed and updated on Appstore, Google Play and its equivalents.

How Mainter stores data

Mainter uses Amazon Web Services (AWS) to host and operate the service. AWS is one of the leading global providers of cloud infrastructure and Mainter considers it a secure and reliable choice for both the company and its customers.

Mainter also uses Sentry (sentry.io) to monitor application performance and manage system or device crashes. Crash-related data may be temporarily processed by Sentry for the purpose of diagnosing and resolving issues. This data is deleted in accordance with Mainter’s data retention and security policies once no longer needed.

All customer data stored by Mainter shall be accessible to the customer throughout the term of the agreement and thereafter, in accordance with and to the extent set forth in Mainter’s General Terms and Conditions.

Mainter’s backup routines

Mainter secures data by two methods:

• Daily Full Backups: A verified full backup of all databases is performed daily, starting at 3:00 PM (UTC).
• Point-in-Time Backups: Continuous backups of the entire database server are taken to allow restoration of data as it existed at any specific point in time.

Mainter saves all versions of the files you upload in the service. All backups are saved at three geographically isolated locations. All data is saved with Amazon in Stockholm, Sweden. Mainter does not restore data which the customer has accidentally erased. Restoration is carried out by Mainter only for the purpose of maintaining the operation of the service.

Incident Response and Notification

Mainter has established and maintains a documented incident response plan covering detection, containment, mitigation and communication. All security incidents affecting customer data are logged and assessed.

Mainter will notify any affected Customer(s) without undue delay and no later than 24 hours after becoming aware of a personal data breach or a cybersecurity incident as defined in Article 23 of the directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 (hereinafter referred to as the “NIS2 Directive”).

A follow-up report will be provided to the customer within 72 hours. The report shall (at least) include a root cause analysis and corrective actions.

Security and governance training

Mainter has established and maintains a security governance framework including role-based access control, segregation of duties, and an annual review process. All personnel with access to customer data receive mandatory training in data protection and cybersecurity. All personnel are subject to signed confidentiality agreements. A designated security officer oversees compliance with internal and external security requirements.

Supply chain security

Mainter continuously evaluates supply chain risk. All subprocessors are bound to adhere to equivalent security requirements as Mainter under e.g. GDPR, NIS2 Directive and local applicable data protection legislation (from time to time).

Secure development practices

Mainter applies secure coding practices and performs security testing (including vulnerability scanning and code reviews) throughout the software development lifecycle (so called SDLC). Updates are deployed using version control and change management procedures to minimize the risk of introducing vulnerabilities.

System requirements

We recommend using the most recent version of Chrome (Google) when accessing the service via a web browser. Please note that it is not certain that you can use the service if you have deactivated cookies in your web browser. Mainter may update the system requirements without notifying you.

Computer and Operating System

Operating System: Windows 10 or later, or macOS 11 (Big Sur) or later

Processor: Intel Core i5 or equivalent minimum

Memory (RAM): At least 4 GB (8 GB recommended for heavier usage)

Display: Minimum 1280 x 800 resolution (Full HD or higher recommended)

Internet Connection

Speed: Minimum 10 Mbps download / 2 Mbps upload

Connection Type: Wired broadband or stable Wi-Fi

Latency: Below 100 ms is recommended, especially for real-time features

Browser Settings

Cookies: Must be enabled

JavaScript: Must be enabled

Pop-ups: Should not be blocked for full functionality

The service uses HTTPS over port 443. Please ensure your firewall or proxy does not block this.

How Mainter handles log-in information

All user passwords are securely encrypted and are never stored or accessible in plain text – not even by Mainter employees. Additionally, all data transmitted within the system is encrypted using HTTPS to ensure secure communication between users and the platform.