forked from opengisch/qfield.cloud
security.html
<!DOCTYPE html>
<html lang="en" class="h-100">
<head>
<meta charset="utf-8" />
<meta
name="viewport"
content="width=device-width, initial-scale=1, shrink-to-fit=no"
/>
<meta name="color-scheme" content="dark light" />
<link
rel="stylesheet"
href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"
/>
<link
rel="stylesheet"
type="text/css"
href="css/base.css"
/>
<link
rel="stylesheet"
type="text/css"
href="css/custom.css"
/>
<link
rel="shortcut icon"
type="image/png"
href="img/favicon.ico"
/>
<title>QFieldCloud - TOS</title>
</head>
<body class="d-flex flex-column h-100">
<!-- NAVBAR -->
<nav class="navbar navbar-expand navbar-light nav-fill w-100 bg-primary" >
<a href="/">
<img
src="img/logo_sidetext.white.svg"
alt="QFieldCloud"
class="logo-nav qfc-header-logo ml-1"
/>
</a>
<ul class="navbar-nav ml-auto">
<li class="nav-item ml-2 d-none d-lg-block">
<a class="nav-link" href="/#features">Features</a>
</li>
<li class="nav-item ml-2 d-none d-lg-block">
<a class="nav-link" href="/faq.html">FAQ</a>
</li>
<li class="nav-item ml-2 d-none d-lg-block">
<a class="nav-link" href="https://docs.qfield.org/get-started/tutorials/get-started-qfc/" target="_blank">Documentation</a>
</li>
<li class="nav-item ml-2 d-none d-lg-block">
<a class="nav-link" href="/pricing.html">Pricing</a>
</li>
<li class="nav-item ml-2">
<a class="btn btn-primary" href="https://app.qfield.cloud/accounts/signup/"
>Register</a
>
</li>
<li class="nav-item ml-2">
<a class="btn btn-success" href="https://app.qfield.cloud/"
>Sign In</a
>
</li>
</ul>
</nav>
<!-- SECURITY SPECIFICATIONS -->
<main role="main" class="p-3">
<div class="container">
<div
class="pricing-header px-3 py-3 pt-md-5 pb-md-4 mx-auto text-center"
>
<h1 class="display-4">QFieldCloud Security Specifications</h1>
</div>
<p>Making the security of your data a top priority is integral to our commitment at QFieldCloud. We understand that trusting an external entity with your data is a significant decision.</p>
<h2>Overview of Security Measures</h2>
<p>The QFieldCloud service is protected by security measures on several levels. This includes hardening the infrastructure with a firewall and an intrusion detection system as well as regular backups, monitoring, encryption and following best practices for developing and deploying the system.</p>
<h2>Encryption</h2>
<p>All communication with QFieldCloud is encrypted via SSL / HTTPS.</p>
<h2>Access Control</h2>
<p>The service uses Role Based Access Control. Users need to authenticate with username and password or token. Authorization is managed based on organization, team and user configuration.</p>
<h2>Incident Response and Monitoring</h2>
<p>We are constantly monitoring our services and receive alerts whenever something unexpected happens. This gives us the possibility to react quickly and efficiently.</p>
<p>When incidents are detected we keep our users informed about the status via <a href="https://status.qfield.cloud">status.qfield.cloud</a> and provide follow-up analysis on incidents.</p>
<h2>Data Backup and Recovery</h2>
<p>All data stored within QFieldCloud is regularly backed up in a different location. Some of the data is replicated in real time, other parts are backed up based on a regular schedule which guarantees that no data older than 12 hours is without a backup.</p>
<h2>Payment</h2>
<p>Payments are handled by Stripe, a certified PCI Service Provider Level 1.</p>
<p>We do not store any credit card information; we only store identifiers that reference Stripe data.</p>
<h2>Compliance</h2>
<p>QFieldCloud is compliant with relevant data protection laws and regulations; for more detail consult the <a href="privacy.html">privacy statement</a>.</p>
<p>Data is processed in data centers within Switzerland, operated by Exoscale and flow.swiss. All data centers are ISO 27001 certified.</p>
<h2>Software Development Security</h2>
<p>Security is a fundamental subject throughout the development of QFieldCloud. Each code change is reviewed thoroughly before being integrated into a release. We also maintain a comprehensive suite of tests which is continuously run on the code base.</p>
<h2>Third-Party Security</h2>
<ul>
<li>Stripe is used for payment processing. The connection to Stripe is encrypted and authenticated. All errors during payment failures are stored by Stripe for detailed logging. All sensitive information like tokens is removed before transmission.</li>
<li>Sentry is integrated for performance and error monitoring. User identifiers as well as error messages are attached to errors. The connection to Sentry is encrypted and authenticated. All sensitive information such as tokens and passwords is removed before any data is sent to Sentry.</li>
</ul>
<h2>Contact Information</h2>
<p>If you need to get in touch with the team for critical security purposes, please reach out to <a href="mailto:security@qfield.org">security@qfield.org</a>.</p>
<h2>Updates and Revision History</h2>
<p>We are committed to continuously improving and documenting security, and will keep this information updated as the security of QFieldCloud evolves over time.</p>
<ul>
<li>3.2.2024 - Initial version</li>
</ul>
</div>
</main>
<!-- FOOTER -->
<footer class="footer mt-auto py-3">
<div class="container">
<nav class="navbar navbar-expand-lg">
<div class="collapse navbar-collapse" id="navbarText">
<span class="text-muted navbar-text"
>Made with 💝 by
<a href="https://opengis.ch" target="_blank">OPENGIS.ch</a>. © 2023</span
>
</div>
<ul class="navbar-nav mr-auto">
<li class="nav-item mb-1">
<a class="nav-link" href="./index.html">About</a>
</li>
<li class="nav-item">
<a class="nav-link" href="./tos.html">Terms of service</a>
</li>
<li class="nav-item">
<a class="nav-link" href="./pricing.html">Pricing</a>
</li>
<li class="nav-item">
<a
class="nav-link"
href="https://docs.qfield.org/get-started/"
target="_blank"
>Documentation
<i class="fa fa-external-link" aria-hidden="true"></i
></a>
</li>
<li class="nav-item">
<a
class="nav-link"
href="https://support.qfield.cloud/portal/en/newticket?departmentId=116946000000442061&layoutId=116946000000710166"
target="_blank"
>Contact sales
<i class="fa fa-external-link" aria-hidden="true"></i
></a>
</li>
<li class="nav-item">
<a
class="nav-link"
href="https://status.qfield.org/"
target="_blank"
>Status
<i class="fa fa-external-link" aria-hidden="true"></i
></a>
</li>
</ul>
</nav>
</div>
</footer>
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
<script
src="https://code.jquery.com/jquery-3.5.1.min.js"
crossorigin="anonymous"
></script>
<script
src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.1/dist/js/bootstrap.min.js"
integrity="sha384-VHvPCCyXqtD5DqJeNxl2dtTyhF78xXNXdkwX1CZeRusQfRKp+tA7hAShOK/B/fQ2"
crossorigin="anonymous"
></script>
<script src="./js/main.js"></script>
</body>
</html>