- Table of contents
- Operational Security
This document is version 2020-02-05--1.
The following chapters describe our policy in regards to security and privacy concerns.
This document is kept simple and short with the intention of being easy to understand.
Logging only the necessary¶
Logs are taken only where necessary and kept only as long as relevant to operation procedure.
Specifically network traffic content is not logged.
No information is given to the public about our customers or customer use cases.
An exception to this is prior public information or explicit consent from the customer.
Acting by Swiss law¶
According to Swiss laws, the only authority that is allowed to request network access
is the PTSS . It may only request access after a Swiss court ruling and only for
cases that violate Swiss law.
Access to data or network traffic from foreign entities¶
No access is granted.
Access to data or network traffic from domestic entities¶
Access to our infrastructure is granted based on Swiss laws and requires a Swiss court order.
Access to data or network traffic from our staff¶
For operational activities staff members can and will investigate network traffic to ensure the stability of our platform.
Access to customer specific data is strictly forbidden.
An exception to above rule is if the customer specifically granted permission for it.
Automatic security updates¶
All production systems are configured to automatically apply security updates where possible.
The infrastructure is audited in respect to security issues on regular basis, at least once per year.
The disk of client devices from staff is to be encrypted.
Updated by Nico Schottelius about 3 years ago · 7 revisions