Last updated 1st May, 2018
Certifications and Assessments
Pelatum is currently going through Cyber Essentials Plus certification. Pelatum is not itself ISO27001 or SOC certified - however, Pelatum cloud providers are - details below.
Vulnerability Detection and Penetration Tests
Penetration tests are commissioned bi-annually, with all findings mitigated as appropriate. Issues that come to our attention through penetration tests, or other means, are fixed as quickly as reasonably possible.
Pelatum production services are provided by part of Google’s Cloud Platform, Firebase (“Firebase”). The physical servers are located in Google’s secure data centers. From Google’s documentation: “All Firebase services have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process.” Full details found here: firebase.google.com/support/privacy and further information on how Google controls, secures and complies can be found here: privacy.google.com/businesses. Pelatum uses Algolia to manage its search - full details of Algolia’s data security can be found here: algolia.com/security.
Where is my data hosted?
Pelatum user content is stored on Google’s Firebase platform in the US. User content can also be found in Pelatum backups, stored in Google Cloud Storage, and in search indexes provided by Algolia. Further details of where Google stores data can be found here: firebase.google.com/support/privacy/#datastorageandprocessinglocations. Further details of Algolia can be found here: algolia.com/security. Google Firebase data processing terms can be found here: firebase.google.com/terms/data-processing-terms. We currently do not offer customers the option of hosting Pelatum on a private server, or to otherwise use Pelatum on a separate infrastructure.
Separate and distinct production, staging, and development environments are maintained, and production data is not replicated outside of the production restricted environments. Authorized and trained members of Pelatum support team who have undergone background checks are able to administer the Pelatum production environments, and can only authenticate using unique strong passwords and TOTP based 2FA. Customer data is not replicated onto employee workstations or mobile devices.
SAML 2.0 SSO is supported and can be configured for Pelatum Enterprise customers. All customers can enable 2FA on their accounts or use Google OAuth. If SSO or OAuth is used to access Pelatum, Pelatum will inherit the login security settings in the user's IdP or Google account.
If logging in directly to Pelatum using an email and password, Pelatum requires a minimum of 8 characters. Repeated failed login attempts trigger a 30 second lock before a user can retry. Passwords are stored in a hashed form and will never be sent via email—upon account creation and password reset, Pelatum will send a link to the email associated with the account that will enable the user to create a new password.
Password complexity and session length requirements cannot be customized within the app. However, these can be set within an IdP for an SSO-enforced team.
All customer data is considered highly sensitive and protected and access is least privilege. Only authorized and trained members of the Pelatum team have direct access to production systems and user data. Those who do have direct access to data are only permitted to view it in aggregate or for troubleshooting purposes. User data is only viewed by Pelatum employees for troubleshooting purposes when consent has expressly been provided ahead of time by the account owner or an administrator.
We maintain a list of members of the Pelatum team with access to the production environment. These members undergo criminal background checks and are approved by the Chief Product Officer. Another list allows all relevant roles to access code, as well as the development and staging environments. These lists are reviewed quarterly and on role change.
Trained members of the Pelatum customer support team have case-specific, limited access to user data through restricted access customer support tools. Customer support team members cannot review user-generated content without an express and revocable grant of permission. When a Pelatum user submits a support ticket, they have the option of authorizing the customer support team to view their data. The Pelatum Support team will only be able to access the account after authorization has been provided by an organization admin role, and access can be revoked at any time. Upon role change or leaving the company, or before firing, the production credentials of Pelatum employees are deactivated, and their sessions are forcibly logged out. From there, all accounts are removed or changed.
Third Party Access
Select customer data in very limited cases is shared only with third parties service providers acting as our agent (a user's email address for an email delivery provider, for example) and in strict compliance with signed service agreements.
Customer data is never to be replicated outside of the production environment and is never to be replicated onto employee workstations. Because of this, Pelatum relies on Google and Algolia for physical security compliance. Pelatum production services are hosted on Google’s Firebase Platform and Algolia’s search platform. The physical servers are secure and details can be found here: firebase.google.com/support/privacy and here: algolia.com/security.
Corporate Environment and Removable Media
Only authorised employees have secure access to Production environments. Production customer data is never to be stored on employee workstations or removable media. Employee devices are required to time out and lock after a maximum of ten minutes of inactivity.
Pelatum uses industry standard Transport Layer Security (“TLS”) to create a secure connection using 128bit Advanced Encryption Standard (“AES”) encryption. There is no non-TLS option for connecting to Pelatum. All connections are made securely over https.
We rely on Google’s Cloud Platform default encryption policies - from Google: “Data stored in Google Cloud Platform is encrypted at the storage level using either AES256 or AES128.” Full details can be found here: https://cloud.google.com/security/encryption-at-rest/default-encryption/ and for Algolia, here: https://www.algolia.com/doc/faq/security-privacy/is-my-data-encrypted-and-secured/
Encryption on Mobile Devices
Not applicable for now, as Pelatum does not currently have active native mobile apps.
Encryption keys are accessed and managed by authorised personnel through Google and Algolia as required.
Removing/Deleting Data from Pelatum
Production customer data is never to be replicated outside of the production cloud environments and is never to be stored on employee workstations or removable media. On termination of a Pelatum Enterprise contract, and at the request of the customer, the data belonging to the Enterprise teams will be completely removed from the live production database and all file attachments uploaded directly to Pelatum will be removed within 30 days. The team’s data will remain in encrypted Pelatum database backups until those backups fall out of the 90-day backup retention window and are destroyed in accordance with Pelatum data retention policy. In the event that a database restore is necessary within 90 days of a requested data deletion, the Pelatum operations team will re-delete the data as soon as reasonably possible after the live production system is fully restored.
Development, Patch and Configuration Management
All changes to the production system, be they code or system configuration changes, require review prior to deployment to the production environment. Thousands of automated unit tests are run against all production code prior to deployment, as well as regularly conducted automated vulnerability scans and commissioned penetration tests. All changes are tested in a staging environment prior to deployment to production. Patches to the web client are deployed on a rolling basis, usually several times per week. Production servers are managed via a centralized configuration system. All system changes are peer reviewed and patches are deployed as relevant to their level of security and stability impact, with critical patches able to be deployed well within 24 hours of availability as appropriate.
Pelatum restricts access and maintains separate lists of relevant roles with access to source code, development, staging, and production environments. These lists are reviewed quarterly and on role change. We use source code management tools and repositories.
A full list of the open-source libraries used in Pelatum is available on request.
While some assets are not owned by a specific individual, ownership and maintenance of the confidentiality, integrity, and availability of our systems is distributed amongst the R&D and Support teams. Assets are transferred upon role change or leaving the company.
Data Within Pelatum
Upon account creation, Pelatum users are asked for full name and email, though these do not need to be verified. Pelatum makes no assumptions about the types of data that a given customer may choose to store within its service. Pelatum is a visual discovery and collaboration tool that supports organizing of data into groups, themes, questions and insights and can include attachments, but the specific nature of what is stored is up to the customer.
Pelatum validates files for well-formedness and the like, however, we have explicitly designed the product to support any type of content users may choose to store within the Pelatum service.
User Team Management and Access
Admins for an Enterprise account will be set via your account manager.
It is not possible to limit the geolocations allowed to access data within Pelatum. Data can be accessed by users who have access to such data within the app from any geolocation. All access to user data is via the API which includes strict authorization checks.
Integrations cannot be restricted within a group. Integrations which connect Pelatum to other services (such as Facebook Workplace or Slack) will require authentication with an existing account in that service before the Integration is active. If working within a corporate environment, the domain used to authenticate that account can be blocked in your environment's firewall.
Backup, Business Continuity, and Disaster Recovery Policy
Data, including attachments, entered into Pelatum is backed up regularly. All backups are encrypted and stored with Google Cloud Storage.
Files associated with Pelatum comments from a supported cloud storage provider (via integration) are subject to the storage provider’s own backup procedures and policies and are not included in the Pelatum backup procedures.
All backups are immediately encrypted with 256-bit AES encryption and stored in Google Cloud Storage. Encrypted backups can only be decrypted by members of the Pelatum support team who have received training and have been authorized to decrypt the backups.
A replica of Pelatum primary database is taken once every 24 hours.
All Pelatum backups are retained on Google Cloud Storage every 24 hours.
Only authorized members of the Pelatum support team have access to the backup locations, so that they are able to monitor the performance of the backup processes, and in the very unlikely event that a restore becomes necessary. After 90 days, the encrypted backup files are destroyed.
Pelatum data is available for export on a case by case basis - an authorised organization admin should contact support@Pelatum.com or submit a support ticket to start the process.
Business Continuity & Disaster Recovery
Pelatum relies on the significant measures that our cloud providers have in place for business continuity. From Google: “Google replicates data over multiple systems to help to protect against accidental destruction or loss. Google has designed and regularly plans and tests its business continuity planning/disaster recovery programs.”
Anti-virus and anti-malware
Pelatum has a centrally managed anti-virus solution and ensures that all employees computers are kept up to date.
Many of Pelatum employees work remotely. Customer data is never to be replicated outside of the production environment, which is stored within Google’s secure servers.
Authorized and trained members of Pelatum R&D and Support teams who have undergone background checks authenticate to production environment using unique strong passwords and TOTP based 2FA.
Any corporate network has no additional access to the production environment.
Security Awareness and Confidentiality
Security awareness and customer data access policies are covered during employee onboarding as appropriate to the role and employees are updated as relevant policies or practices change. Employees also sign a Confidential Information and Inventions Agreement.
In the event that a security policy is breached by an employee, Pelatum reserves the right to determine the appropriate response, which may include termination.
All employees undergo an extensive interview process before hiring. Employees with direct access to the production environment undergo a criminal background check. Other employees may undergo a check depending on their role (academic for legal roles, credit for finance, etc). Appropriate NDAs are in place with third parties as appropriate.
Employees are required to enforce 2FA when available and use a password manager with random, secure passwords. Authorized employees access the production environment by authenticating using unique strong passwords and TOTP based 2FA.
When it is necessary to perform planned maintenance on Pelatum services, the Pelatum support team will perform the work during one of two scheduled weekly maintenance windows. We will make reasonable efforts to announce maintenance procedures that could potentially impact users of Pelatum at least 24 hours prior to the event, and via an in-app announcement at least 30 minutes prior to the event.
Planned Maintenance Windows
Wednesday from 07:00 AM to 08:00 AM GMT.
Friday from 07:00 AM to 08:00 AM GMT.
These windows have been selected with the goal of minimizing service downtime, slowness, or other impact to the people and businesses that rely on Pelatum.
We do our best to make outages as short as possible. Additionally, our maintenance schedule will frequently be evaluated to ensure that we keep user impact as low as reasonably possible. Should we need to reschedule these windows, the updated schedule will be announced with reasonable advance notice.
Due to unforeseen events, we may have to infrequently perform unplanned maintenance on Pelatum infrastructure or software components. This maintenance might cause some or all of the Pelatum services to be inaccessible by our users for a period of time. It is our goal to do this as infrequently as possible. Any unplanned or emergency maintenance will be announced with as much advance notice as reasonably possible. As with planned maintenance, we do our best to minimize disruption caused by service outages.