Security

At High Mobility, we take security seriously. We map our security program to industry standards such as ISO 27001 and the TISAX mechanism. In our daily business, we continuously deal with information and data that is sensitive to us, our stakeholders and customers. While this is true to all digital companies, it is essential for us to operate a vehicle data platform that earns the trust from vehicle owners to safely and securely deliver the data that their vehicle generates to verified third parties. Therefore, we are constantly looking for ways to not only improve security for our product, but also with how we conduct business on a daily basis.
While we believe that security is everyone’s responsibility, our program is led by the Information Security Officer.

‍High Mobility cultivates a mindset of “Security-by-design” and “Privacy-by-design”, and to be ready for any type of incidents related to information security, we have gone ahead and implemented a company wide Information Security Management System (ISMS) according to the best practices set out in the ISO 27001 standard.

Our payment processor, Stripe is a certified Level 1 Service Provider. ‍High Mobility never has access to raw payment details.

High Mobility fully complies with GDPR regulations.

‍High Mobility is dependent on close collaboration with automotive manufacturers, and we have gone the extra mile and get Trusted Information Security Assessment Exchange (TISAX) certified. This certification is an information security standard that has been introduced by the German automotive industry with full adoption.

Employees have unique logins for all business critical systems and two-factor authentication is enforced wherever possible. We conduct regular access audits and operate on the principle of least privilege.

All employees ensure that confidential information in hardcopy or electronic form is secure at all times. The computer screens are locked when the workspaces are unoccupied; any internal or sensitive information is removed from the desk at the end of the workdays, plus several other measures that enforce the "Privacy by Design" mindset.

All employee laptops and smartphones have encrypted hard drives and are always kept up to date with the latest operating system.

The internal networks in both of our offices are restricted, segmented and password protected. The password changes frequently. Wether on computer or smartphone, only WPA2/WPA3 protected networks are allowed to be used.

As part of our commitment to ensure that every member of our team understands the role they play when it comes to security, we provide ongoing information security training throughout the year. Each new employee attends an Information Security Management System (ISMS) session within the first month of hire.

‍High Mobility's data platform is primarily hosted in AWS, giving us access to the benefits they provide their customers such as physical security, redundancy, scalability and key management.

In addition to the benefits provided by AWS, our application has additional built in security features:

- Role based permissions
- Data segregation

‍High Mobility stores the following customer data in its cloud:
‍
- Name (mandatory)
- Email address (mandatory)
- Payment history and invoices (credit card data is stored and processed by Stripe)
- Phone Number
- Billing address
- Company
- Location (city, country)

SSL Encryption is used throughout ‍High Mobility to protect public and non-public data from unauthorised access.
‍
All communication between ‍High Mobility users and the our web application is encrypted-in-transit while using the application. All databases and database backups are encrypted at rest.

Customers can request all of their data, or have it deleted by sending an email to: data-protection@high-mobility.com as long as it is not subject to a legal hold or investigation.

Once an account or project is deleted, all associated data (account settings, etc.) are removed from the system within 24 hours. This action is irreversible.

Customer data is limited to only those with roles that require access to perform their job duties. An example of this is our Support team.

Access to our data platform administrator panel is strictly given on an individual basis. The admin panel allows to see registered customers and applications. With elevated permissions, it’s also possible to trigger sensitive operations such as account suspension. Any such “write” operation within the admin panel needs the explicit consent from one other admin with the same access permissions.

High Mobility conducts pentests at least annually. In addition to regular pentesting, we also use scanning tools to monitor and detect vulnerabilities.

If you believe you have discovered a vulnerability within High Mobility’s application, please submit a report to us by emailing security@high-mobility.com. We do not participate in a bug bounty program at this time, nor do we provide monetary rewards for findings.

If you believe your account has been compromised or you are seeing suspicious activity on your account please report it to:
‍security@high-mobility.com.