We’ve designed our cloud platform to offer you a "secure by default" experience. We’re aware that you entrust us with your data. We also know that trust is not only hard to gain, but also easy to lose. That's why we’ve done everything to keep ActiveCollab as safe as possible.
Our system is tailored to keep customer data sets separate. This means that every cloud instance has a unique database, as well as its own place in the filesystem. Your data will be stored in a database that is yours only and no one else can access it (except our personnel, if you grant access). Thus, no data overlapping is possible and you can be sure that your data will never end up in someone else's hands.
We make sure that every under-the-hood service needed to run our cloud is up-to-date. The same goes for the application itself, which always runs the latest version of ActiveCollab. The cloud is also the first place that gets security fixes.
Every connection to your cloud account is SSL only. Non-encrypted communication is not allowed. We also follow all best HTTPS security practices. That means we use HTTP Strict Transport Security as well as Forward secrecy. Strong AES256 encryption is used to handle the transmission (some older browsers fallback to the AES128 cipher, which is still strong enough).
All cloud systems are redundant. We use a multiple layer infrastructure architecture - load balance, application, database, storage layer. Every layer is replicated. Along with the standard MySQL replication, we even utilize a delayed MySQL replica, which leaves us time to go back in time if needed, without restoring backups (which would be more time consuming). Backups are done regularly over the day, on-site as well as off-site. They are also regularly tested.
Our system is monitored around the clock, using internal as well as external services. In case of a problem, we get a report in real time and are instantly ready to take care of any potential issues.
The whole system is behind a firewall. Just the necessary ports are open to the outside network. Also, only authorized personnel, using SSH keys, have access to the system. Access is enabled only over a VPN connection.
The server systems are located in Canada, United States and France. Building entrance activities are monitored and recorded. Access to the elevator and stairwells requires keycard access or security guard assistance. Access to the floor requires two factor authentication of keycard and biometric scan. Entrance to the facility is through a man trap, requiring the outside door to be closed prior to the inside door opening. The facility itself is manned, monitored and recorded 24x7. Servers are kept in individually locked cabinets. Removal of hardware is prohibited without administrative approval. Temporary access is escorted by facility personnel.
If you have any questions or concerns regarding data security, get in touch with us. This email address is protected, so please use our public key to keep that conversation confidential. Our team will gladly help you with any security questions you may have!