Project

General

Profile

Security and Privacy Policy » History » Version 5

Nico Schottelius, 02/05/2020 09:39 AM

1 1 Nico Schottelius
h1. Security and Privacy Policy
2
3 2 Nico Schottelius
{{toc}}
4
5 1 Nico Schottelius
h2. Status
6
7
This document is **PRE PRODUCTION**
8
9
h2. Introduction
10
11
The following chapters describe our policy in regards to security and privacy concerns.
12 4 Nico Schottelius
This document is kept simple and short with the intention of being easy to understand.
13 1 Nico Schottelius
14 5 Nico Schottelius
h2. Privacy
15 1 Nico Schottelius
16 5 Nico Schottelius
h3. Logging only the necessary
17 1 Nico Schottelius
18
Logs are taken only where necessary and kept only as long as relevant to operation procedure.
19
Specifically network traffic **content** is not logged.
20
21 5 Nico Schottelius
h3. Non disclosure
22 1 Nico Schottelius
23
No information is given to the public about our customers or customer use cases.
24
An exception to this is prior public information or explicit consent from the customer.
25
26 5 Nico Schottelius
h3. Acting by Swiss law
27 1 Nico Schottelius
28
According to Swiss laws, the **only** authority that is allowed to request network access
29
is the "PTSS":https://www.li.admin.ch/en . It may only request access after a Swiss court ruling and only for
30
cases that violate Swiss law.
31
32 5 Nico Schottelius
h3. Access to data or network traffic from foreign entities
33 1 Nico Schottelius
34
No access is granted.
35
36 5 Nico Schottelius
h3. Access to data or network traffic from domestic entities
37 1 Nico Schottelius
38
Access to our infrastructure is granted based on Swiss laws and requires a Swiss court order.
39
40 5 Nico Schottelius
h3. Access to data or network traffic from our staff
41 1 Nico Schottelius
42
For operational activities staff members can and will investigate network traffic to ensure the stability of our platform.
43
Access to customer specific data is strictly forbidden.
44
45
An exception to above rule is if the customer specifically granted permission for it.
46 5 Nico Schottelius
47
h2. Operational Security
48
49
h3. Automatic security updates
50
51
All production systems are configured to automatically apply security updates where possible.
52
53
h3. Regular audits
54
55
The infrastructure is audited in respect to security issues on regular basis, at least once per year.