From storing, transferring, accessing, backing up, monitoring, to testing & reviewing our security procedures, every aspect is covered to meet industry best practice standards.
Our top priority is customer satisfaction and we would never do anything with
your data that we wouldn't be proud to tell the world about.
All ubHRM data is hosted on Amazon Web Services (AWS). We take advantage of all the security and
privacy features AWS provides, plus our team takes additional pro-active measures to maintain a secure
infrastructure and make sure there are always multiple backups for infrastructure disaster recovery purposes
(though we can't offer backup in case of user made erorrs on a per account basis).
For more specific details
regarding how AWS keeps data secure, please refer to https://aws.amazon.com/security/.
We don't publicize exactly what features, services, and data center we use for security reasons, but we can
give you a brief overview of how we make sure your data is safe. We recommend you also review our Terms of Use and Privacy Policy.
AWS maintains an impressive list of reports, certifications, and independent
assessments to ensure complete and ongoing state-of-the-art data center security. They have many years of
experience in designing, constructing, and operating large-scale data centers, which makes them the industry
standard when it comes to security.
The exact physical location of the data center that stores ubHRM data is private. Only those
within Amazon who have a legitimate business know the actual location of Amazon's data centers.
Additionally, data centers are secured with a variety of physical controls to prevent unauthorized access.
The main data location is Frankfurt, Germany. But, we have caching mechanisms that enable fast data access
in other parts of the world for performance purposes. This means data is NOT exclusively stored in Germany
but across multiple servers across the world so everyone can quickly access ubHRM no matter where they
are. If you're self-hosting ubHRM, you choose where the data is located exclusively.
All ubHRM servers are run from own virtual private clouds (VPCs), with
rules that prevent unauthorized requests from entering our network.
ubHRM infrastructure is hosted in a fully redundant, secure VPN environment, with access restricted
to operations support staff only.
This way we can leverage complete firewall protection, private IP
addresses, and other security features.
The whole system on which ubHRM runs is behind a firewall and only the necessary ports are open to
the outside network. Also, only authorized personnel, using SSH keys, have access to the system. Access is
enabled only over a VPN connection.
All data to and from ubHRM is sent securely over HTTPS. The initial
connection is established over 2048 bit TLS, and the rest of the communication happens over 256 bit SSL.
This is the standard technology for keeping an internet connection secure and prevents anyone from reading
and modifying any information. Any data transferred between a user and ubHRM is impossible to read
or modify.
We use the same level of encryption as do banks and financial institutions. All data is encrypted using
SHA256withRSA algorithms, which scramble data in transit, preventing hackers from reading it.
Your company-specific data inside ubHRM is kept separate through a logical separation at the data
tier, based on application-level access permissions and roles you set up in your workspaces.
All ubHRM data is encrypted at rest.
At-rest encryption means that all our databases, files, and other
storages of content have their files encrypted when they're backed up or otherwise sitting idle. If someone
was somehow able to get ahold of a backup of the database, it'd be useless, because they wouldn't have the
key to decrypt it.
Our system is constantly monitored. We get reports in real time so we can
instantly react in case a potential issue arises. All actions taken on production consoles are logged.
We constantly monitor security, performance, and availability. We run automated security testing on
an ongoing basis. We prioritize, resolve, and deploy discovered security issues quickly after discovery.
Because we follow Continuous Delivery and Deployment best practices, we can update ubHRM on a daily
basis and fix things as soon as we see them.
We never access your data in ubHRM, unless required for support reasons and with your explicit
permission.