Frequently Asked Questions about Safespring, Datacenter, and Our Operations

Safespring follows European legislation and helps our customers avoid personal data transfers to third countries.

Amelia Andersdotter is your contact person for all information security questions. You can reach her at amelia.andersdotter @safespring.com.

Yes, at Safespring we are proud of our information security work and offer the opportunity to review our procedures. We are in the process of certifying according to the ISO27001 standard. For more information, please send an email to info@safespring.com and ask for Safespring's Cloud Controls.

For information about which subcontractors we use and for what purposes, please contact us and ask for our "Data Processing Agreement" Appendix 1 - Instructions and sub-processors. These choices of subcontractors are made carefully with regard to security, quality, and reliability.

Yes, we offer DPA agreements. To get a copy of the document, please contact us and ask for "General terms and conditions".

We have access to three secure data centers, two located in Stockholm (STO1 and STO2) and one in Oslo (OSL1), so our customers can choose the geographical location that best suits their needs.

Safespring always strives to offer the highest possible availability for our services. We provide a Service Level Agreement (SLA) of 99.9% uptime. Availability is calculated according to the Uptime Institute's definition. For more information, contact us and ask for our SLA.

Yes, we have an information security policy that describes our measures and guidelines to protect sensitive information and personal data. To access our information security policy, please contact us and ask for "Safespring Information Security Guidelines".

Physical access to our data centers is regulated by strict security procedures. All visits must be pre-registered with the data hall administration, and the visitor must present valid ID. Upon arrival at the data center, the visitor receives a temporary key card with a pin code that only works for the specific hall and the specific cage where our equipment is located.

To ensure the highest level of security, Safespring has the highest security classification according to MSB’s Tier 3. The data center is built according to standards specifically designed for availability requirements according to Tier-3, MSB’s highest physical classification for data centers. This includes security measures such as six different steps (barbed wire, physical guards, various security levels before reaching the servers), 24/7 CCTV surveillance, security guards, access barriers such as airlocks with fingerprint readers, and contactless key cards with biometric readers.

For more information about Safespring’s data center security, please read our document “Safespring Datacenter Security” at the following link: Safespring Datacenter Security.

Yes. The data halls have backup power systems that make the data center independent of the power grid. Fire detection with air analysis, server halls with IT-friendly extinguishing systems, and fire alarms directly connected to the alarm center. Powered by 100% green electricity.

The room temperature must not be allowed to vary outside the temperature limits of +18 °C to +23 °C. The room must be equipped with ventilation and cooling devices (of the precision cooling type). Underfloor cooling should be used. The ventilation and/or climate system should produce positive pressure. Temperature alarms, connected to the company’s regular alarm monitoring, must be present.

A device for regulating the room’s humidity should be used. Risks of liquid leakage from the cooling system must be considered. Supply air and air passing through climate equipment must be filtered. These filters must be changed regularly. Supply air ducts must be equipped with smoke detectors connected to fire dampers or automatic fan stops. Air exchange should be dimensioned according to the work environment requirements for the number of people intended to be continuously present in the room. Emergency cooling (additional cooling medium) must be available to ensure continuous operation. The cooling capacity of the room’s cooling system should be investigated but should be dimensioned with at least 2 kilowatts per square meter of area.

Read more about Safespring Datacenter Security.

Yes, we offer the possibility to use multiple locations as part of your Disaster Recovery strategy. The customer chooses which location will serve as their DR site.

Yes, we have regular tests for redundancy by our data center providers.

Safespring works with information security controls according to ISO 27001. Our policy instructions and controls are collected in our platform. We are currently in the process of certifying according to ISO27001 and expect to be ready during the second half of 2025.

Yes, we have a routine for handling changes in access rights when an employee changes position or leaves the company. We use hardware keys as a secure method to revoke access rights.

Yes, we have a continuity plan in place.

Yes, Safespring has an external DPO (Data Protection Officer) who reviews the company's information security work to ensure that it complies with applicable data protection legislation and information security standards.

Yes, we provide disk encryption to protect data at rest.

Yes.

Yes. We have backup and restore routines for our own systems. For customer data, this can be purchased as a service, but the customer is responsible for the restore routine.

Yes, we have established routines for incident management that include a structured process for handling and addressing various types of security incidents, including incident analysis, communication, recovery, and reporting. These routines ensure that we can quickly and effectively handle and resolve security incidents and minimize their impact on our customers' services and data.

Yes.

Yes, we regularly perform vulnerability scans to ensure that technical vulnerabilities are managed and addressed.

Available as an option via partners to Safespring.

Yes, we have a separate network for the administration of virtual hosts to ensure a high security standard and minimize the risk of security incidents.

We offer an SLA of 99.9%. This means we guarantee 99.9% availability for our services. This is linked to our SLA terms.