Data Localization
All our data is located within the European Union. Furthermore, our processing does not require international transfers, and we maintain strict control over our providers regarding data protection.
In the case of GlobalSuite, information is stored exclusively in data centers located in various European regions, operated by Digital Realty, Amazon Web Services (AWS) in their European regions, and Microsoft Azure in their regions also located within the EU.
Information Storage Architecture
To ensure its availability, our information is located in our data centers.
We have an architecture composed of different storage nodes, which provides us with adequate processing capacity and ensures data availability, offering a first line of protection against environmental risks or natural disasters affecting one or more availability zones.
Backups and Data Recovery
We have information backup processes that allow data recovery in the event of a security incident.
GlobalSuite's backups follow a 3-2-1-0 strategy. This means maintaining at least three copies of each piece of data, stored on two different types of media or locations, with at least one copy in an alternative location, and ensuring that all copies have been verified and are error-free (zero errors) before being considered valid.
Backups are encrypted at rest using AES-256 and stored in immutable repositories that ensure data integrity and prevent deletion or manipulation by malicious actors or unauthorized software.
All backups undergo periodic validation processes to ensure their consistency and proper restoration if necessary. Snapshots are retained for 30 days, in line with our continuity strategy and with an RPO of less than 12 hours.
To enhance the security of the backup environment, the backup infrastructure operates on segregated networks, and the backup and replication service incorporates advanced malware detection capabilities, contributing to early threat protection.
Data in the Development Process
At GlobalSuite Solutions, we apply a secure development strategy designed to ensure that our customers' information remains protected throughout all phases of the software lifecycle. One of the fundamental principles of this strategy is that no real production data is used in non-production environments, such as development, testing, or pre-production validations.
All data used in these environments is desensitized, anonymized, or synthetically generated to prevent any possibility of exposing confidential or sensitive information. As an additional preventive measure, the development team does not have direct access to production data, and only strictly authorized personnel from the operations area, under controlled and audited procedures, can access it when it is essential for service continuity.
The development, testing, and production infrastructure is completely segregated, both logically and at the network level. This ensures that lateral movement between environments is impossible and that any automated process (such as CI/CD) operates exclusively with non-sensitive artifacts and data.
All access and activity in environments related to data, whether productive or not, is logged, monitored, and subject to audit, ensuring full traceability and early detection of anomalous behavior.
Additionally, the software build and deployment processes integrate continuous security controls: code reviews, automated analyses, validations, tests, and integrity checks that ensure data processing in the development process is always secure, controlled, and aligned with the highest protection standards.
With this set of measures, we ensure that even during the internal development of the platform, our customers' data is fully protected and maintained under strict principles of confidentiality, integrity, and minimization.