RedJade Data Security and Protection FAQs
At Tragon, we deliver services to enterprises and educational institutions in over 40 countries. We know our RedJade customers care deeply about privacy and data security, and we are committed to offering a service that includes sophisticated technical and physical controls designed to prevent unauthorized access to or disclosure of RedJade customer data.
For the purposes of these FAQs we have distinguished between two types of RedJade customer data: account information and customer content.
When we refer to account information we mean the information about a RedJade customer that such customer provides to us in connection with the creation or administration of its RedJade customer account. For example, this includes the name of the customer, names of contact persons at the customer, RedJade usernames, office phone numbers, email addresses and billing information associated with a customer account.
When we refer to customer content we mean all data that a RedJade customer uploads into RedJade from time to time for hosting and any computational results that a RedJade customer derives from the foregoing through their use of RedJade.
All RedJade account information is currently stored on Tragon’s servers in California and accessed and used by Tragon’s US administrative team as required in connection with the day-to-day technical and organizational administration of our RedJade customer accounts, including but not limited to invoicing.
Where will RedJade customer content be stored?
- All RedJade customer content is currently stored on Amazon Web Services (AWS) servers located in Frankfurt, Germany.
We may move RedJade customer content to other servers located in the EU or the US from time to time; however, we will not move customer content uploaded by our EU customers to a server outside the EU without prior notice to the EU customers concerned.
Who will have access to RedJade customer content?
- We do not access or use any content uploaded by our customers into RedJade except as legally required or as necessary for the provision and support of the RedJade Hosting Services. All RedJade support services are currently provided, and RedJade is maintained, by Tragon staff based in Redwood City, California and Boulder, Colorado. For details of Tragon’s RedJade support services please visit our website at www.redjade.net/support.
We will not disclose customer content uploaded into RedJade unless we determine, on advice from legal counsel, that such disclosure is required by applicable law. If we are compelled to disclose customer content we will, unless prohibited from doing so by law, use best efforts to notify the relevant customer prior to such disclosure to give them the opportunity to seek protection from the disclosure. Please see our Hosting Services Agreement for further details in this regard.
Will customer content uploaded into RedJade be secure?
- AWS data centers are among the most secure in the world and are in full compliance with an extensive list of global security standards, including ISO 27018, SOC, and the PCI Data Security Standard. They are equipped with state-of-the-art electronic surveillance and multi-factor access control systems and staffed 24x7 by trained security guards, and access is authorized strictly on a least-privilege basis, limited to system administration purposes.
We also have robust systems, processes and procedures in place to prevent unauthorized access to customer data uploaded into RedJade by Tragon’s staff other than those staff members who are engaged in the provision of the RedJade Support Services.
Tragon staff members who are engaged in the provision of the RedJade Support Services are subject to strict contractual confidentiality obligations and their access to RedJade customer data is authorized strictly on a least-privilege basis. As such, only three members of Tragon’s senior management currently have the technical ability to access RedJade customer data.
Amazon is contractually obligated not to access or use your data except as necessary to comply with the law or a binding order of a governmental body. AWS delivers services to more than one million active customers, including enterprises, educational institutions, and government agencies in over 190 countries. AWS customers include financial services providers, healthcare providers, and governmental agencies, which trust Amazon with some of their most sensitive information. For more information, please review the following: http://aws.amazon.com/agreement/ and https://aws.amazon.com/compliance/data-privacy-faq/
All of your data is protected by security protocols put in place by RedJade’s development team, which ensure the following:
- All data is encrypted, backed up, and moved off-site every night. Transaction logs allow us to retrieve data at any point in time.
- All data is transmitted using 256-bit encryption. The connection uses AES256-CBC, with SHA1 for message authentication and RSA as the key exchange mechanism.
- Authentication & authorization systems leverage robust open source solutions used by thousands of SaaS providers.
- Extensive network and security monitoring systems provide important security measures, such as basic distributed denial of service (DDoS) protection and password brute-force detection.
- Multi-tenant data is protected by global filters at the ORM level. A robust test suite ensures your data is only available to authorized users.
- All system access is logged, and staff are alerted to any changes to ensure the integrity of the production system.
- Regularly scheduled penetration tests ensure the effectiveness of firewalls and other IT security measures.
The application is designed, developed, deployed and tested in accordance with leading industry standards from BSIMM-V and COBIT guidelines.
Customer Content That Includes Personal Data
- We do not have any visibility into or knowledge of what data RedJade customers upload into RedJade from time to time, including whether or to what extent this includes personal data, nor do we have any control over how RedJade customers then process this data using RedJade.
However, we do of course appreciate that, where content uploaded by our customers into RedJade does include personal data, such customers are subject to varying data protection obligations, in particular where those customers are located in the EU.
We have taken this into account in our Hosting Services Agreement; however, we are happy to discuss any queries that RedJade customers may have in this regard.
What happens to RedJade customer content after termination of the Hosting Services Agreement?
- As set out in the Hosted Services Agreement, we will, upon a RedJade customer’s written request within 90 days after the termination of the Hosted Services Agreement, export or retrieve a copy of the relevant customer content from the Hosted Services to a destination designated by the RedJade customer. After expiry of these 90 days we have no obligation to further maintain or provide a customer with copies of any customer content and may, unless legally prohibited, delete the same. [A RedJade customer can, upon termination of the Hosted Services Agreement, also request that its customer data be deleted permanently from our servers.]