We protect data, we protect our users. We take security very seriously.
All data are written immediately to multiple hard drives at the same time (RAID). We back up all data daily - to another datacenter, which is in 20 km distance.
Data on the way between the user device and Freelo are always encrypted and sent via HTTPS. All files that users store in Freelo are encrypted on a hard drive. Project data - comments, tasks, and notes are in the database directly without encryption. Our database backups are stored PGP-encrypted.
There are many redundant elements in our server architecture. Such as internet connectivity, cooling, power supply and network elements.
Servers are well secured, running with automatic updates and protected by strong firewall. The server automatically blocks IP address when it detects suspicious activity. Servers have 24/7 monitoring and care. Servers are accesible only by verified people.
Every month we go through a security checklist and refine all the elements of our infrastructure.
Our servers are located in Prague in the TTC Teleport and Master DC servers. Physical access to servers is based on predefined access and identity documents.
Freelo and related systems are secured by the TLS. The application is built on frameworks that maximize security. We regularly evaluate OWASP versus Freelo systems.
Users are protected by using 2FA validation. Freelo also alerts you while logging in from an unknown browser. For deeper control, you can see a preview of login attempts. Also the list of devices the user is logged in with the possibility of remote logout.
Everyone working on Freelo's development must have an encrypted disk and use the password wallet on the computer (which are unique and very strong). Regularly update the computer and tools used to work. They must not connect to unsecured Wifi networks or use tools that do not meet common security standards. Freelo can not be developed without VPN access. Authentication is provided by SSH keys with passphras. An ordinary developer has no access to the production servers and user data. We regularly monitor and evaluate the risks and opportunities to improve security.
All transactions are processed through the secure and verified payment gateway. We do not store credit card details.
The company Vas Hosting actively provides hosting services and protects data of all customers. They gave all their experience into the security of Freelo. We are aware that we have only one trust.
We store passwords in the form of unreadable hashes that we create using bcrypt with salt and parametr cost = 10. All user's passwords are safe.
Just to be clear, nothing is 100% safe. Anyone who guarantees it, makes a promise that can't be met. Even banks, governments and corporations that spend billions for security can be threatened by highly motivated individuals.
What we can promise is that we have taken all reasonable steps to make all data safe. Nothing, except the site itself, is directly exposed to the Internet. For access to everything else we have firewall and VPN security.