Security & Infrastructure

Trust is built, not declared.

Here is, in detail and without unnecessary jargon, how we protect your data — and our own, since this site runs on the very same principles.

[ 01 ]

Cloud Hosting

Your Odoo environments are hosted on Odoo.sh, AWS, or Google Cloud depending on your data-residency requirements, behind a CDN and a Cloudflare application firewall that filter out malicious traffic before it reaches your servers.

[ 02 ]

Firewalls & VPN

A pfSense firewall is deployed at the perimeter of every infrastructure. Remote administration access always goes through a VPN — never direct access exposed on the internet.

[ 03 ]

Backups & disaster recovery

Automated, encrypted backups, tested regularly, with a documented disaster recovery plan: if an incident occurs, your data can be restored quickly, not lost.

[ 04 ]

Access control

Fine-grained role and permission management in Odoo, the principle of least privilege, and strong authentication for privileged accounts. Every access is logged.

[ 05 ]

Compliance

Our practices draw on international standards (GDPR) and comply with Moroccan Law 09-08 on the protection of personal data (CNDP), notably for our camera-counting solutions.

This site practices what it sells

SOONTECH.ma is itself built with a strict security policy, published here in full transparency:

  • HTTPS everywhere, TLS 1.3, HSTS enabled
  • Strict Content-Security-Policy with nonces, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
  • Rate limiting on the contact form
  • Systematic data validation (Zod on the client side, Pydantic on the server side)
  • SameSite=Strict cookies, no secrets exposed in the code sent to the browser
  • Continuous dependency scanning and static code analysis in continuous integration
  • No personal data in URLs or technical logs

Our disclosure policy is published at /.well-known/security.txt

A question about our security or your compliance needs?

Contact us
Book a Call