We protect data, we protect our users. We take security very seriously.
We write all data instantly to multiple disks simultaneously (RAID). Every day, we back up all data to a different server room 20 km away.
Whenever data is in transit between the user device and Freelo, it is encrypted and sent using HTTPS. All files that users save to us are also encrypted on disk. The data within a project (comments, tasks and documents) is stored directly in the database. We keep database backups (dumps) encrypted using PGP.
There are many redundant elements in our server architecture, such as internet connectivity, cooling, power supply and network elements.
The servers are well secured, running automatic updates and protected by a firewall. The server automatically blocks connections when it detects suspicious activity from an IP address. The servers are monitored 24/7 and only an authenticated person has access to the server.
Every month we go through a security checklist and refine all the elements of our infrastructure.
Our servers are located in Prague in the TTC Teleport and Master DC data centers. Physical access to the servers is based on predefined access and identity documents.
Freelo and related systems are secured by TLS. The application is built on frameworks that maximize security. We regularly evaluate Freelo systems against OWASP.
Users are protected by 2FA validation. Freelo also alerts you when someone logs in from an unknown browser. For deeper control, you can see an overview of login attempts, as well as the list of devices the user is logged in on, with the possibility of remote logout.
Everyone working on Freelo's development must have an encrypted disk and use a password wallet on their computer (with passwords that are unique and very strong). They must regularly update their computer and the tools they use for work. They must not connect to unsecured Wi-Fi networks or use tools that do not meet common security standards. Freelo cannot be developed without VPN access. Authentication is provided by SSH keys with passphrases. An ordinary developer has no access to the production servers and user data. We regularly monitor and evaluate the risks and opportunities to improve security.
All transactions are processed through a secure and verified payment gateway. We do not store credit card details.
We store passwords in the form of unreadable hashes that we create using bcrypt with salt and the parameter cost = 10. All users' passwords are safe.
Our system complies with the European privacy regulation, the so-called GDPR. We work diligently to keep it compliant as we make changes to the system. We carefully select each partner and service with which we link our system.
Your Hosting actively offers hosting services and protects the data of all customers. All of that experience has been put into the security of the Freelo application. We are aware that trust is something we get only once.
For any security questions, you can contact us through e-mail, Twitter or Facebook and we will answer professionally.
What we can promise is that we have taken all reasonable steps to make all data safe. Nothing, except the site itself, is directly exposed to the Internet. Access to everything else is protected by a firewall and VPN.