Security Policy

From Gtmhub: Align operations with strategy. Documentation
Jump to: navigation, search

Gtmhub Security Policy

This security policy is here to help you understand what information we collect at Gtmhub and how we use it. When we talk about Gtmhub in this policy, we are talking about Gtmhub Ltd. the company, the Gtmhub application, and the Gtmhub website at www.gtmhub.com. The Gtmhub application is available for use via a web browser and can be deployed in our cloud environment, a virtual private cloud or on premise at a customer site.

The following policy describes what practices are employed by Gtmhub to secure and prevent misuse or loss of data provided to Gtmhub by its clients.

Confidentiality

Gtmhub enforces strict control over access of data (refer to "Content" definition in the Gtmhub Service Agreement) it processes on behalf of its clients. Gtmhub is committed to ensuring that client Content cannot be accessed by anyone who should not have access to it. In order to ensure the operation of Gtmhub services certain Gthmhub employees need access to the systems which collect and process client Content. For example in order to diagnose and resolve a service outage. Those employees are not allowed to use their access rights to view client Content unless it is utterly necessary to do so. Gtmhub uses access logs and audit trails to ensure that any access to client Content is tracked.

Encrypted Traffic

All communication with the Gtmhub application, the Gtmhub website, and communication between Gtmhub services happen over SSL with 128-bit AES encryption, The connection uses TLS 1.2, it is encrypted and authenticated using AES_128_GCM and uses ECDHE_RSA as the key exchange mechanism. The Gtmhub team closely monitors the security community and and is committed to promptly upgrading our services in response to new vulnerabilities as they are discovered.

Logging

Gtmhub uses a centralized logging system for all of its environments - both pre-production ones and the production environment. This logging system contains information for the healthy operation of our services and their availability. The logging system does not aggregate any client Content. The information collected is used by our staff for troubleshooting and resolving service outages.

Product security practices

New features, architecture design changes and functionality updates go though security assessment process facilitated by the Gtmhub CTO. Additionally any code change is peer-reviewed tested both automatically and manually before it is merged in our code base.

Incident management

If you believe that you have found a security vulnerability in any Gtmhub service, please contact our support team right away. We investigate all legitimate reports and are committed to resolving any security vulnerability in a timely manner