Skip to content

nps.today – Security & Requirements

nps.today is a dedicated tool to measure loyalty and customer experience.

Platform

nps.today is built for online use and requires no IT integration or local installation. Other technical requirements are described below.

Requirements

  • Internet access
  • Operating system
    • Pc: Windows 7 or newer
    • Mac: Mac OS X 10.10 or newer
  • Browser
    • Google Chrome version 50 or newer
    • Microsoft Edge 120 or newer
  • Outlook (Nps.today Outlook integration)
    • Outlook 2016 (build >16.0.12527) or newer for Outlook support.
  • Microsoft Excel
    • Version 2010 or newer for full advanced pivot support in the report module

Security

Data is stored in Microsoft Azure Datacenter in EU, in Amsterdam, Holland and with Fail Over to Dublin, Ireland. Read more here: Center for security and rights for Microsoft Azure.

Microsoft comply to the strongest regulations for security and has the highest standards for certification. Read more here.

Access to data is via website hosted on Azure and thus protected according to all guidelines and standardized technologies from Microsoft. Passwords are hashed with the strong hashing algorithm (SHA-256) and TLS (https) is used for all web calls.

Emails are sent via Flowmailer(NL) and SMS via LinkMobility.

For Non-EU customers, Email and SMS surveys are sent via Twilio / SendGrid (US based), with signed EU Model Clauses.
Twilio/SendGrid comply to strong security requirements as well as personal data protection.

Data handling is controlled by CSA.
nps.today handles data confidential and only stores data on local equipment with customer approval. If required, data handling can be performed at the customer site on customer equipment, to avoid nps.today access to data (from our equipment) or copies of customer data.

Every provider used is secured by two-factor authentication, required for every account that we have.

Identity/User Management

User authentication is controlled via OAuth 2.0 Standard with limited access tokens. Access to data is therefore only available to the authenticated customer. Additionally is Row-level Security (RSL) enforced to secure access restrictions.
Application access with relations to integrations are based on API-keys which always can be revoked both by Nps.today or by the customer itself with immediate enforcement.

Data Storage

Firewall

Access to the databases is limited to approved IP addresses in order to prevent unauthorized access. Approval of specific IP addresses can only be provided by requesting it from an administrator.

Encryption

The databases are configured for “Transparent data encryption”, which means that all data in the database, backups and logs are always encrypted at rest.

Transparent data encryption

DDoS prevention

We utilize "Under Attack Mode" strategy to prevent attacks.
This is put in place to prevent attacks e.g. som DDoS(Distributed Denial Of Service).

API Throttling

By leveraging API throttling we prevent our API from being abused by DDoS attacks. This is done by limiting the respective IP addresses that try to access our services. API throttling does also secure a “fair use” of our services to prevent single customers/users to abuse the services.