Skip to content

Commit

Permalink
Merge pull request #10 from opengisch/security_specifications
Browse files Browse the repository at this point in the history 
Add security specifications
  • Loading branch information
@m-kuhn
m-kuhn authored Feb 3, 2024
2 parents 3947ab2 + 11fc275 commit b73121f
Show file tree
Hide file tree
Showing 2 changed files with 184 additions and 1 deletion.
181 changes: 181 additions & 0 deletions security.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,181 @@
<!DOCTYPE html>
<html lang="en" class="h-100">
<head>
<meta charset="utf-8" />
<meta
name="viewport"
content="width=device-width, initial-scale=1, shrink-to-fit=no"
/>
<meta name="color-scheme" content="dark light" />

<link
rel="stylesheet"
href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"
/>
<link
rel="stylesheet"
type="text/css"
href="css/base.css"
/>
<link
rel="stylesheet"
type="text/css"
href="css/custom.css"
/>

<link
rel="shortcut icon"
type="image/png"
href="img/favicon.ico"
/>

<title>QFieldCloud - TOS</title>
</head>

<body class="d-flex flex-column h-100">
<!-- NAVBAR -->
<nav class="navbar navbar-expand navbar-light nav-fill w-100 bg-primary" >
<a href="/">
<img
src="img/logo_sidetext.white.svg"
alt="QFieldCloud"
class="logo-nav qfc-header-logo ml-1"
/>
</a>
<ul class="navbar-nav ml-auto">
<li class="nav-item ml-2 d-none d-lg-block">
<a class="nav-link" href="/#features">Features</a>
</li>
<li class="nav-item ml-2 d-none d-lg-block">
<a class="nav-link" href="/faq.html">FAQ</a>
</li>
<li class="nav-item ml-2 d-none d-lg-block">
<a class="nav-link" href="https://docs.qfield.org/get-started/tutorials/get-started-qfc/" target="_blank">Documentation</a>
</li>
<li class="nav-item ml-2 d-none d-lg-block">
<a class="nav-link" href="/pricing.html">Pricing</a>
</li>
<li class="nav-item ml-2">
<a class="btn btn-primary" href="https://app.qfield.cloud/accounts/signup/"
>Register</a
>
</li>
<li class="nav-item ml-2">
<a class="btn btn-success" href="https://app.qfield.cloud/"
>Sign In</a
>
</li>
</ul>
</nav>

<!-- SECURITY SPECIFICATIONS -->
<main role="main" class="p-3">
<div class="container">
<div
class="pricing-header px-3 py-3 pt-md-5 pb-md-4 mx-auto text-center"
>
<h1 class="display-4">QFieldCloud Security Specifications</h1>
</div>

<p>Making the security of your data a top priority is integral to our commitment at QFieldCloud. We understand that trusting an external entity with your data is a significant decision.</p>
<h2>Overview of Security Measures</h2>
<p>The QFieldCloud service is protected by security measures on several levels. This includes hardening the infrastructure with a firewall and an intrusion detection system as well as regular backups, monitoring, encryption and following best practices for developing and deploying the system.</p>
<h2>Encrpytion</h2>
<p>All communication with QFieldCloud is encrypted via SSL / HTTPS.</p>
<h2>Access Control</h2>
<p>The service uses Role Based Access Control. Users need to authenticate with username and password or token. Authorization is managed based on organization, team and user configuration.</p>
<h2>Incident Response and Monitoring</h2>
<p>We are constantly monitoring our services and receive alerts whenever something unexpected happens. This gives us the possibility to react quickly and efficiently.</p>
<p>When incidents are detected we keep our users informed about the status via <a href="https://status.qfield.cloud">status.qfield.cloud</a> and provide follow-up analysis on incidents.</p>
<h2>Data Backup and Recovery</h2>
<p>All data stored within QFieldCloud is regularly backed up in a different location. Some of the data is replicated in real time, other parts are backed up based on a regular schedule which guarantees that no data older than 12 hours is without a backup.</p>
<h2>Payment</h2>
<p>Payments are handled by Stripe, a certified PCI Service Provider Level 1.</p>
<p>We do not store any credit card information; we only store identifiers that reference Stripe data.</p>
<h2>Compliance</h2>
<p>QFieldCloud is compliant with relevant data protection laws and regulations; for more detail consult the <a href="privacy.html">privacy statement</a>.</p>
<p>Data is processed in data centers within Switzerland, operated by Exoscale and flow.swiss. All data centers are ISO 27001 certified.</p>
<h2>Software Development Security</h2>
<p>Security is a fundamental subject throughout the development of QFieldCloud. Each code change is reviewed thoroughly before being integrated into a release. We also maintain a comprehensive suite of tests which is continuously run on the code base.</p>
<h2>Third-Party Security</h2>
<ul>
<li>Stripe is used for payment processing. The connection to Stripe is encrypted and authenticated. All errors during payment failures are stored by Stripe for detailed logging. All sensitive information like tokens is removed before transmission.
<li>Sentry is integrated for performance and error monitoring. User identifiers as well as error messages are attached to errors. The connection to Sentry is encrypted and authenticated. All sensitive information such as tokens and passwords is removed before any data is sent to Sentry.
</ul>
<h2>Contact Information</h2>
<p>If you need to get in touch with the team for critical security purposes, please reach out to <a href="mailto:[email protected]">[email protected]</a>.</p>
<h2>Updates and Revision History</h2>
<p>We are committed to continue to improve and document security and will keep this information updated as security of QFieldCloud evolves over time.</p>
<ul>
<li>3.2.2024 - Initial version
</ul>

</div>
</main>

<!-- FOOTER -->
<footer class="footer mt-auto py-3">
<div class="container">
<nav class="navbar navbar-expand-lg">
<div class="collapse navbar-collapse" id="navbarText">
<span class="text-muted navbar-text"
>Made with 💝 by
<a href="https://opengis.ch" target="blank">OPENGIS.ch</a>. © 2023</span
>
</div>
<ul class="navbar-nav mr-auto">
<li class="nav-item mb-1">
<a class="nav-link" href="./index.html">About</a>
</li>
<li class="nav-item">
<a class="nav-link" href="./tos.html">Terms of service</a>
</li>
<li class="nav-item">
<a class="nav-link" href="./pricing.html">Pricing</a>
</li>
<li class="nav-item">
<a
class="nav-link"
href="https://docs.qfield.org/get-started/"
target="_blank"
>Documentation
<i class="fa fa-external-link" aria-hidden="true"></i
></a>
</li>
<li class="nav-item">
<a
class="nav-link"
href="https://support.qfield.cloud/portal/en/newticket?departmentId=116946000000442061&layoutId=116946000000710166"
target="_blank"
>Contact sales
<i class="fa fa-external-link" aria-hidden="true"></i
></a>
</li>
<li class="nav-item">
<a
class="nav-link"
href="https://status.qfield.org/"
target="_blank"
>Status
<i class="fa fa-external-link" aria-hidden="true"></i
></a>
</li>
</ul>
</nav>
</div>
</footer>

<!-- jQuery first, then Popper.js, then Bootstrap JS -->
<script
src="https://code.jquery.com/jquery-3.5.1.min.js"
crossorigin="anonymous"
></script>
<script
src="https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.min.js"
integrity="sha384-VHvPCCyXqtD5DqJeNxl2dtTyhF78xXNXdkwX1CZeRusQfRKp+tA7hAShOK/B/fQ2"
crossorigin="anonymous"
></script>
<script src="./js/main.js"></script>
</body>
</html>

4 changes: 3 additions & 1 deletion tos.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,9 @@
>
<h1 class="display-4">QFieldCloud Terms of service</h1>
</div>
<p>Please read these terms and conditions carefully before using Our Service. For details related to privacy, plese read the <a href="./privacy.html">privacy policy</a>.</p>
<p>Please read these terms and conditions carefully before using Our Service.</p>
<p>For details related to privacy, plese read the <a href="./privacy.html">privacy policy</a>.</p>
<p>For details related to security, plese read the <a href="./security.html">security specifications</a>.</p>
<p>Last updated: February 21, 2023</p>

<h1>Interpretation and Definitions</h1>
Expand Down

0 comments on commit b73121f

Please sign in to comment.