All data is written immediately to multiple hard drives at the same time (RAID). We back up all data daily - to another datacenter, which is 20 km away.
Data traveling between the user device and Freelo is encrypted and sent via HTTPS. Always. All files that users store in Freelo are encrypted on a hard drive. Project data - comments, tasks, and notes are in the database directly without encryption. Our database backups are stored PGP-encrypted.
There are many redundant elements in our server architecture. Such as internet connectivity, cooling, power supply and network elements.
Servers are well secured, running with automatic updates and protected by strong firewall. The server automatically blocks IP address when it detects suspicious activity. Servers have 24/7 monitoring and care. Servers are accesible only by verified people.
Every month we go through a security checklist and refine all the elements of our infrastructure.
Our servers are located in Prague in the TTC Teleport and Master DC servers. Physical access to servers is based on predefined access and identity documents.
Freelo and related systems are secured by the TLS. The application is built on frameworks that maximize security. We regularly evaluate OWASP versus Freelo systems.
Users have protection using 2FA validation . Freelo also alerts you to logging in from an unknown browser . For greater control, you can see a preview of login attempts, as well as devices on which the user is logged in with the possibility of remote logout.
Anyone working on Freelo's development must have an encrypted disk. Use a wallet on your desktop computer for passwords (which are unique and very powerful). Regularly update your computer and tools used to work. Instead, they must not connect to unsecured Wifi networks or use tools that do not meet common security standards. Freelo can not be developed without VPN access. Authentication to most locations is provided by SSH keys with passphrase. The common developer has no access to the production servers and user data. We regularly monitor and evaluate risks and opportunities to improve security.
All transactions are processed using a secure and verified payment gateway. We do not store credit card details.
At Váš Hosting s.r.o. we actively offer hosting services and protect the data of our customers. We put all of our experience into Freelo security. We know that there is only one trust.
We store passwords in the form of unreadable hashes that we create using bcrypt with salt and parametr cost = 10. All user's passwords are safe.
Just to be clear, nothing is 100% safe, and anyone who guarantees it does make a promise that can not be met. Even banks, governments and corporations that spend billions for security can be threatened by highly motivated individuals.
What we can promise is that we have taken all reasonable steps to make all data safe. Nothing, except the site itself, is directly exposed to the Internet. For access to everything else we have firewall and VPN security.