Trust is built, not declared.
Here is, in detail and without unnecessary jargon, how we protect your data — and our own, since this site runs on the very same principles.
Cloud Hosting
Your Odoo environments are hosted on Odoo.sh, AWS, or Google Cloud depending on your data-residency requirements, behind a CDN and a Cloudflare application firewall that filter out malicious traffic before it reaches your servers.
Firewalls & VPN
A pfSense firewall is deployed at the perimeter of every infrastructure. Remote administration access always goes through a VPN — never direct access exposed on the internet.
Backups & disaster recovery
Automated, encrypted backups, tested regularly, with a documented disaster recovery plan: if an incident occurs, your data can be restored quickly, not lost.
Access control
Fine-grained role and permission management in Odoo, the principle of least privilege, and strong authentication for privileged accounts. Every access is logged.
Compliance
Our practices draw on international standards (GDPR) and comply with Moroccan Law 09-08 on the protection of personal data (CNDP), notably for our camera-counting solutions.
This site practices what it sells
SOONTECH.ma is itself built with a strict security policy, published here in full transparency:
- HTTPS everywhere, TLS 1.3, HSTS enabled
- Strict Content-Security-Policy with nonces, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
- Rate limiting on the contact form
- Systematic data validation (Zod on the client side, Pydantic on the server side)
- SameSite=Strict cookies, no secrets exposed in the code sent to the browser
- Continuous dependency scanning and static code analysis in continuous integration
- No personal data in URLs or technical logs
Our disclosure policy is published at /.well-known/security.txt