A. USER SECURITY
User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. Coloom issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
User application passwords have minimum complexity requirements. Passwords are salted and hashed.
3. Data Encryption:
Certain sensitive user data, such as account passwords, are stored in encrypted format. Credit card details are not stored in our database.
5. Data Residency:
All Digitalgrad user data is stored on servers located in Germany.
We use fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.
Servers have redundant internal and external power supplies, as well as environmental controls. Data centers have backup power supplies, and are able to draw power from the multiple substations on the grid, several diesel generators, and backup batteries.
Continuous uptime monitoring, with immediate escalation to Digitalgrad staff for any downtime.
All our systems are tolerant of single-node failures, with failover times of less than 3 seconds.
5. Data resilience:
There are three replicas of all user data.
C. NETWORK SECURITY
System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.
Firewalls restrict access to all ports except 80 (HTTP) and 443 (HTTPS).
3. Access Control:
Role-based access is enforced for systems management by authorized engineering staff.
4. Encryption in Transit:
Communications with the Coloom website are sent over TLS connections, which protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients. Our application endpoints are TLS only and score an "A" rating on SSL Labs' tests. We also employ Forward Secrecy and only support strong ciphers for added privacy and security.
D. VULNERABILITY MANAGEMENT
The latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.
E. ORGANIZATIONAL & ADMINISTRATIVE SECURITY
1. Employee Screening:
We perform background screening on all employees in compliance with local laws. No Digitalgrad employees ever access private accounts unless required to for support reasons. Support staff may sign into your account to access settings related to your support issue. In rare cases staff may need to make a copy of your data pod; this will only be done with your consent. When working a support issue we do our best to respect your privacy as much as possible, and we only access the data and settings needed to resolve your issue. All copied data pods are deleted as soon as the support issue has been resolved.
We provide security and technology use training for employees.
3. Service Providers:
We screen our service providers and bind them under contract to appropriate confidentiality and security obligations.
F. SOFTWARE DEVELOPMENT PRACTICES
1. Coding Practices:
Our engineers use best practices and industry-standard secure coding guidelines.
We deploy code regularly, which gives us the ability to react quickly in the event of a bug or vulnerability being discovered within our code.
G. COMPLIANCE & CERTIFICATIONS
All payment details are transmitted over a secure connection (Secure Sockets Layer, SSL) and stored in compliance with PCI DSS (Payment Card Industry Data Security Standard) 3.1.
H. HANDLING & SECURITY BREACHES
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Digitalgrad learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.
I. YOUR RESPONSIBILITIES
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any user data you download to your own computer away from prying eyes.
J. CREDIT CARD SAFETY
When you sign up for a paid account on Coloom, we do not store any of your card information on our servers. It's handed off to our payment provider, a company dedicated to storing your sensitive data on PCI-compliant servers whose security is recertified every year against international banking standards.
Do you have a question, concern, or comment about Coloom security? Please contact us via email: firstname.lastname@example.org