Nico Schottelius, 02/05/2020 10:11 AM
This document is **version 2020-02-05--1**.
The following chapters describe our policy with regard to security and privacy concerns.
This document is kept simple and short with the intention of being easy to understand.
h3. Logging only the necessary
Logs are taken only where necessary and kept only as long as they are relevant to operational procedures.
Specifically, network traffic **content** is not logged.
h3. Non-disclosure
No information is given to the public about our customers or customer use cases.
An exception to this is prior public information or explicit consent from the customer.
h3. Acting by Swiss law
According to Swiss laws, the **only** authority that is allowed to request network access
is the "PTSS":https://www.li.admin.ch/en . It may only request access after a Swiss court ruling and only for
cases that violate Swiss law.
h3. Access to data or network traffic from foreign entities
No access is granted.
h3. Access to data or network traffic from domestic entities
Access to our infrastructure is granted based on Swiss laws and requires a Swiss court order.
h3. Access to data or network traffic from our staff
For operational activities, staff members can and will investigate network traffic to ensure the stability of our platform.
Access to customer-specific data is strictly forbidden.
An exception to the above rule applies if the customer has specifically granted permission for it.
h2. Operational Security
h3. Automatic security updates
All production systems are configured to automatically apply security updates where possible.
h3. Regular audits
The infrastructure is audited with respect to security issues on a regular basis, at least once per year.
h3. Disk encryption
The disks of staff client devices are to be encrypted.