Your Brand, Fully Secured with Andy: Your Top Cybersecurity Questions Answered
Have you ever wondered how Andy shields your digital operations so you can focus solely on creating magic in your kitchen?
In this post, we’ve gathered the most frequently asked questions about the cybersecurity of our digital assistant, Andy—a topic we take very, very seriously.
Because when it comes to your brand’s security, there’s no room for halfway measures.
The Cybersecurity Questions Keeping You Up at Night (and Andy’s Answers)
1. How much storage capacity does Andy offer for my data?
Think big! For now, Andy offers virtually unlimited capacity for your document library.
We want you to make the most of every feature without worrying about space. In the future, as the platform evolves with new functionalities and advanced AI capabilities, we might adjust this model, but we’ll always justify the value and improvements we offer.
2. How long is my data stored in Andy?
Your information is valuable, and we guard it rigorously. In Spain, we store documentation for a minimum of 5 years, complying with current legislation. However, it’s crucial to understand that data retention regulations vary significantly by country, and what’s required in one jurisdiction may differ greatly from another.
For instance:
In the UK: While there isn’t a single universal data retention period, general data protection principles under GDPR (which the UK has incorporated into its own Data Protection Act) state that personal data should be kept “no longer than is necessary.” However, specific industries have stricter rules. For example, financial records for tax purposes might need to be kept for 6 years, and some health and safety records could be required for much longer, or even indefinitely.
In the US: The United States has a patchwork of federal and state laws, not a single national data retention policy. Regulations like HIPAA (for healthcare information) or Sarbanes-Oxley (for financial records) mandate specific retention periods, ranging from 6 to 10 years or more, depending on the type of data and the industry. Other data might fall under state-specific consumer protection or business record-keeping laws.
In Australia: Data retention obligations are often tied to specific industry regulations or tax laws. For example, financial records must generally be kept for 5-7 years under Australian tax law. The Privacy Act does not prescribe specific retention periods but requires personal information to be destroyed or de-identified when no longer needed for any purpose for which it was collected.
At Andy, our commitment is to provide a robust solution that caters to global operations. Therefore, while our baseline in Spain is 5 years, we are continually monitoring and adapting to these diverse international landscapes. We always adhere to the strictest applicable compliance standards for your data, ensuring your operations, wherever they are, meet or exceed regulatory requirements.
3. If something is accidentally deleted, can it be recovered?
Don’t worry! Accidental deletion isn’t common, but if a document is deleted by mistake, yes, we can recover it from our database.
However, Andy also offers you the flexibility to download and access your information at any time, ensuring you always have full control over your records. Accidental deletion is an unforeseen event, but recovery is our guarantee.
4. What is Andy’s security policy?
Our security policy is the foundation of everything we do.
It’s built on secure design principles, meaning protection is integrated into every phase of our software’s development and operation. We implement robust measures like data encryption, strict access control, and regular security audits to ensure your information is always safe.
5. How does Andy manage data backups?
We leave nothing to chance here. We perform daily backups of all our databases, which are securely stored in off-site, protected locations. Additionally, we use continuous backups to allow for precise point-in-time recovery. These daily copies are retained for a 30-day period, providing a complete safety net.
6. What network security measures does Andy use?
Our network infrastructure is a fortress.
We use AWS Virtual Private Cloud (VPC) to create isolated and secure network environments, ensuring your data operates in an exclusive space. For critical resource access, we apply VPN authentication, and we granularly manage network traffic with Access Control Lists (ACLs), shielding your information from unauthorised access.
7. What is Multi-Factor Authentication (MFA), and how is it implemented in Andy?
Multi-Factor Authentication (MFA) is your double shield. It’s a verification method that requires two or more forms of identification to confirm your identity.
At Andy, we require MFA for access to all our critical resources, using both physical devices and virtual MFA applications. It’s an extra layer of security that makes a significant difference.
8. What encryption protocols does Andy use to protect my data?
Your data is encrypted with the highest standards. Andy employs TLS (Transport Layer Security) to encrypt information while it travels across the network (data in transit), so that it cannot be read if it is intercepted.
For stored data (data at rest), we use AES (Advanced Encryption Standard) with 256-bit keys, a globally recognised standard for its robustness.
9. How often does Andy perform penetration tests?
We constantly test our defenses. We conduct regular penetration tests, at least annually, to identify and address any vulnerabilities in our systems. These tests simulate real-world attacks, allowing us to proactively evaluate and strengthen our security posture before any threat emerges.
10. What measures are taken for secure software development at Andy?
Security isn’t an add-on; it’s part of our DNA!
Our development process follows the best practices of secure coding and integrates regular security reviews at every stage of the software development lifecycle (SDLC), from initial design to final deployment. Security is built in from the ground up, not added at the end.
11. How does Andy respond to a security incident?
We’re always prepared.
We have a structured incident response plan that covers all phases: identification, containment, eradication, and recovery. Additionally, we maintain transparent communication protocols to inform all relevant stakeholders in a timely and clear manner. Speed and clarity are our top priorities.
12. How does Andy ensure GDPR compliance?
Privacy is a fundamental right. We rigorously comply with the General Data Protection Regulation (GDPR), ensuring personal data is processed lawfully, transparently, and for specific purposes.
We obtain user consent before data collection and guarantee timely notification of any data breaches, if they occur, to protect your privacy.
13. How does Andy handle threat monitoring and detection?
We’re on guard 24/7. We use advanced tools like AWS CloudWatch and AWS Security Hub for the early detection of threats and malicious activities.
These systems monitor and record all activities and changes in our AWS environment, allowing us to proactively identify and respond to any anomalies.
We hope this deep dive into Andy’s cybersecurity has given you the peace of mind you deserve.
Do you have more questions or would you like to delve deeper into any specific point? The conversation is open!