# Service Description

Some commercial contracts we make with our customers may require us to describe certain aspects of our service. In the spirit of transparency, we publish the description here.

# A detailed specification of the content and implementation of the service

Security researchers who produce security content send their findings to badrap.io. Users who consume security content sign up to badrap.io to register their assets and receive targeted information related to those assets. Users may also choose to share their assets to security researchers to receive more content.

# The supplier's subcontractors who process personal data

We do not subcontract the processing of personal data. We may have data recipients. An up-to-date list of data recipients is always available at https://docs.badrap.io/privacy.html (opens new window) .

# The procedures in place to secure (backup) the client's material in the service

We only store a minimal amount of configuration information to relay relevant messages to and from you. We design and operate the service so that encryption is used for data transfer and storage whenever possible, according to standard security practices.

We backup our production database at least once per day. We store these backups for a minimum of seven days.

# Installation, modification and maintenance windows

As we are serving a global audience, we may perform installations, modifications and maintenance around the clock. Typical service interruptions are minimal, lasting only a few seconds or minutes.

# The location where the service is produced

All data in our service is stored in data centres within the EU. Maintenance and management are conducted in Finland. See our privacy policy for more details: https://docs.badrap.io/privacy.html (opens new window).