NSnappy Security Guidelines

General Information About NSnappy Cloud Service and Security

NSnappy is a cloud service accessed via an internet browser, and it is subject to all general security guidelines applicable to similar services. The provider of the NSnappy cloud service is Nokeval Oy.

The NSnappy service always uses encrypted data transfer (HTTPS protocol) between the user's device and the cloud service. Whenever the service transmits data over the internet, the data is strongly encrypted. The service provider employs extremely strong passwords for internal systems, and access to these systems is restricted to only essential personnel. Passwords for the service are not stored in plaintext, and the service provider has no means of retrieving any user's password. The service's database is not directly accessible from the internet.

Summary: The service provider is responsible for the security of the cloud service, while the user is responsible for maintaining security within the service. Users always bear personal responsibility for using the service securely, and this document provides guidance on how to do so safely.

User Authentication

Logging into the service requires authentication with a username and password. The username must be a valid email address. The service sends instructions and confirmation of the created user account via email, through which the user can log in to the service.

The user must change the temporary password upon first login. For security reasons, the temporary password expires within 90 days if the user does not activate their account and change the password before that time.

Password Policies

The service requires passwords to meet a minimum security standard. The password must fulfill the following requirements:

• At least 10 characters in length

• At least one lowercase letter

• At least one uppercase letter

• At least one number

Passwords may also contain spaces. We recommend using passphrases of at least 15 characters, consisting of multiple words, preferably in different grammatical forms. These passphrases are easier to remember than shorter passwords with random characters.

The password for a personal user account should never be shared with anyone, even upon request.

Passwords should never be stored in plaintext. We recommend using reputable password management services ("password managers") for secure storage.

The user is responsible for the use of their username and password and for keeping the password safe. The service provider is not liable for any unauthorized use of the service or potential damages resulting from careless storage, use, or disclosure of passwords.

Shared Use

For shared devices, we recommend using shared accounts with the most restricted access rights possible. All individuals who have access to a shared account and its password are jointly responsible for its use and for keeping the password secure.

If a personal user account is used on a shared device, it is essential to log out after use. This should be done by selecting "Log Out" from the "My Settings" menu.

Internet Browser

The internet browser used plays a significant role in security when accessing cloud services. We recommend using the latest versions of well-known browsers such as Chrome, Edge, Firefox, or Safari. Always update your browser to the latest version when prompted. The NSnappy cloud service cannot be used with the outdated Microsoft Internet Explorer browser.

Data Stored in the Service

Only store information that is intended to be saved in the service according to your organization's guidelines. You can obtain more details about this in the service training, from your service contact person, or from the service provider’s customer support.

Never store sensitive personal data or any other personal information in the service unless you and your organization have the legal authorization to process such data.

The NSnappy cloud service privacy policy can be found here.