Project

General

Profile

Actions

Security and Privacy Policy

Status

This document is version 2020-02-05--1.

Introduction

The following chapters describe our policy in regards to security and privacy concerns.
This document is kept simple and short with the intention of being easy to understand.

Privacy

Logging only the necessary

Logs are taken only where necessary and kept only as long as relevant to operation procedure.
Specifically network traffic content is not logged.

Non disclosure

No information is given to the public about our customers or customer use cases.
An exception to this is prior public information or explicit consent from the customer.

Acting by Swiss law

According to Swiss laws, the only authority that is allowed to request network access
is the PTSS . It may only request access after a Swiss court ruling and only for
cases that violate Swiss law.

Access to data or network traffic from foreign entities

No access is granted.

Access to data or network traffic from domestic entities

Access to our infrastructure is granted based on Swiss laws and requires a Swiss court order.

Access to data or network traffic from our staff

For operational activities staff members can and will investigate network traffic to ensure the stability of our platform.
Access to customer specific data is strictly forbidden.

An exception to above rule is if the customer specifically granted permission for it.

Operational Security

Automatic security updates

All production systems are configured to automatically apply security updates where possible.

Regular audits

The infrastructure is audited in respect to security issues on regular basis, at least once per year.

Disk encryption

The disk of client devices from staff is to be encrypted.

Updated by Nico Schottelius 14 days ago · 7 revisions