Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current Restore this Version View Page History

« Previous Version 2 Next »

Collabushare Security Statement

All capitalized terms not defined in Security Statement will have the meanings given to them in the Software and Services Agreement.

Collabushare maintains Security Measures that includes administrative, technical and physical safeguards for protection of the security, confidentiality and integrity of Customer Data.  

Security Measures are designed to:

  • protect the privacy, confidentiality, integrity, and availability of Customer Data in Collabushare’s possession or under its direct control;

  • protect against anticipated threats to the confidentiality, integrity, and availability of Customer Data;

  • protect against unauthorized or unlawful access, use, processing, disclosure, alteration or destruction of Customer Data;

  • protect against accidental loss or destruction of Customer Data; and

  • comply with applicable laws that are relevant to the handling, processing and use of Customer Data by Collabushare in accordance with the Agreement.

Collabushare will use commercially reasonable efforts to engage third parties to whom Collabushare provides Customer Data that implement and maintain security measures that Collabushare reasonably believes are at least as protective as those described in this Security Statement.

For third parties, such as its hosting provider, who store, control, process or manage Customer Data, Collabushare is responsible for assessing their control environments to determine that security measures and controls designed to meet the above objectives are in place. 

Collabushare Security Measures include the following, as more particularly described below:

·        Multifactor authentication

·        Inactivity time-out

·        Encrypted third-party access

·        SSL AES 256-bit encryption

  • Software and Customer Data hosted on Amazon Web Services  

Data Hosting, Storage and Backups

Collabushare servers are located in Amazon Web Services (AWS) Virginia (US) datacenter.

AWS engages qualified third party auditors to conduct regular service organization controls audits conducted under Statement on Standards for Attestation Engagements (SSAE) 16 (or alternative industry standard) in relation to the data centre service locations from which it provides services and produces and makes available to customers a Service Organization Controls 1, Type 2 report (“SOC 1 Report”) and Service Organization Controls 2, Type 2 report (“SOC 2 Report”).

All data is written to multiple disks instantly, backed up daily, and stored in multiple availability zones. Files that Collabushare customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure. Our software infrastructure is updated regularly with the latest security patches.

Encryption at Rest and In-Transit

Over public networks we send data using strong encryption. Collabushare utilizes SSL certificates issued by Heroku. Encryption-at-rest of databases is achieved using AWS’ transparent disk encryption, which includes industry standard AES-256 encryption to secure all volume (disk) data.  All keys are fully managed by AWS. Backups are stored on Amazon S3 and encryption is performed via server-side encryption.  

Files uploaded to Mav are stored in private S3 buckets that require a one-time use, time-limited tokens for access.

Physical Security

Our application and data servers are located in AWS's Virginia datacenter. More information about their controls, including physical security, can be found here.

Access Control and Organizational Security

Personnel

All our employees and contractors (workers) sign confidentiality agreements before gaining access to our code and data. Everybody at Collabushare is trained and made aware of security concerns and best practices for their systems. Remote access to production systems is limited to workers who need access for their day-to-day work. We log all access to all accounts by IP address.

Employee and contractor computers (including desktop computers) are required to have and maintain full hard drive encryption. Additionally, laptop computers are required to use a VPN service when using the device outside of their home.

Payment Security

All payments are handled by a third party payment processor, Stripe. Customer payment information is sent directly to Stripe and never stored on Collabushare servers. All payment requests bypass Collabushare servers completely ensuring sensitive payment information also does not appear in Collabushare logs.

For more information about Stripe’s security controls, you can visit their security page.

Notification

Any security concerns or vulnerabilities discovered in the Collabushare platform or hosted services can be disclosed by emailing support@collabushare.com