Security and Privacy Policy » History » Revision 5

Revision 4 (Nico Schottelius, 02/05/2020 09:35 AM) → Revision 5/7 (Nico Schottelius, 02/05/2020 09:39 AM)

h1. Security and Privacy Policy 


 h2. Status 

 This document is **PRE PRODUCTION** 

 h2. Introduction 

 The following chapters describe our policy in regards to security and privacy concerns. 
 This document is kept simple and short with the intention of being easy to understand. 


 h2. Privacy 

 h3. Logging only the necessary 

 Logs are taken only where necessary and kept only as long as relevant to operation procedure. 
 Specifically network traffic **content** is not logged. 

 h3. h2. Non disclosure 

 No information is given to the public about our customers or customer use cases. 
 An exception to this is prior public information or explicit consent from the customer. 

 h3. h2. Acting by Swiss law 

 According to Swiss laws, the **only** authority that is allowed to request network access 
 is the "PTSS": . It may only request access after a Swiss court ruling and only for 
 cases that violate Swiss law. 

 h3. h2. Access to data or network traffic from foreign entities 

 No access is granted. 

 h3. h2. Access to data or network traffic from domestic entities 

 Access to our infrastructure is granted based on Swiss laws and requires a Swiss court order. 

 h3. h2. Access to data or network traffic from our staff 

 For operational activities staff members can and will investigate network traffic to ensure the stability of our platform. 
 Access to customer specific data is strictly forbidden. 

 An exception to above rule is if the customer specifically granted permission for it. 

 h2. Operational Security 

 h3. Automatic security updates 

 All production systems are configured to automatically apply security updates where possible. 

 h3. Regular audits 

 The infrastructure is audited in respect to security issues on regular basis, at least once per year.