We understand the documents you upload to Simul can contain sensitive information you want protected, and we take this very seriously.
All documents uploaded to Simul are stored using Microsoft’s Azure storage solution. When a new version is created the document is replicated three times in their UK data center and another three times in a remote region. In total, we store six copies of your documents 100s of kilometers apart. The documents are encrypted at all locations and during transmission from your device.
Microsoft are responsible for the backup procedures, replication and fail-over of Simul’s document storage as part of the Azure service.
In addition to the storage of documents, Simul needs to record metadata such as who edited a document and what changed.
Simul maintains its own database to store this data. This database is also hosted by Microsoft’s cloud platform in their UK datacenter. Backups are taken frequently and replicated three times within the UK data center and a further three times in a data center 100s of kilometers away.
In the event our UK data center is disrupted, we restore the most recent backup into our secondary European region and recreate any missing metadata from our transaction logs.
This process is entirely separate from the storage of the documents themselves.
Access is restricted to the underlying documents and metadata. Simul hosts an API which both the Simul website and Microsoft Word use to request or update a document.
This API authenticates the user using either their Microsoft Live Id, Google Account, Simul Username and Password or their SharePoint Online credentials. Simul treats all these sources as a trusted provider for identification.
Once authenticated, the API is responsible for validating the request against Simul’s metadata. The API will verify the user has access to the requested document and version; if so, the API will request the document on behalf of the user and forward it in.
Simul uses Stripe to process payments. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
Stripe collects payments details directly and issues Simul a token. This token ensures that no sensitive card data ever touches our servers. By leveraging Stripe, Simul Documents operates in a fully PCI compliant way.
This means Simul Documents only has access to your billing details (such as name and address) but not any credit card details. Stripe will authorize our payments each month and inform Simul if they are successful.