Data Security

Data Encryption

All transmitted data is encrypted. Data in transit is protected with SSL (Secure Sockets Layer) or TLS (Transport Layer Security). These protocols are the standard means of encrypting sensitive information in web-based applications such as online banking and e-commerce.

Access Control

Access to the software is strictly controlled. Roles and permissions are defined to restrict access to sensitive data.

We use multi-factor authentication in the software admin panel.

  • Caleido Jira account owner: Iiro Christensen

  • Caleido GitHub account owners: Iiro Christensen, Ali Omar

Audit Logs

Detailed log data is maintained to record data usage, changes, and events. These logs are monitored and reviewed regularly for suspicious activity.

Data Anonymization and Pseudonymization

Currently, only those customer users who have a legal right to access personally identifiable information can use the software.

Later, Caleido will build a user access system for organizational users and will use anonymization and pseudonymization techniques to represent personally identifiable information, such as salaries and bonuses.

Data Backup and Recovery

Data backups are scheduled regularly, and a data recovery plan has been established to ensure business continuity in case of data loss.

Data Lifecycle Management

We define policies regarding data retention and deletion. These policies comply with relevant legal regulations and requirements.

Compliance with Regulations

We ensure that we comply with all relevant regional and industry-specific regulations, such as the GDPR.

Vendor Security

Key Service Provider

Caleido's main software supplier is:

  • Profil Software, https://profil-software.com/
    PROFIL SOFTWARE SP. Z O.O.
    Sportowa 8b, 81-300 Gdynia
    Poland
    VAT UE: PL 5862379997

Profil Software employs over 80 in-house developers and has over 15 years of experience in software development. The company provides top-notch software solutions to SMEs and startups in over 10 countries across four continents. They specialize in Python development.

Other Suppliers

Currently, all other third-party service providers of Caleido are well-known and established companies, such as:

  • Jira, Atlassian

  • CircleCI

  • GitHub, Microsoft

  • Selenium

  • TestRail

  • Swagger

  • Postman

  • Heap Analytics

  • Microsoft Clarity

The security practices of all third-party service providers are evaluated.

Firewalls and Network Security

Firewalls and other network security measures are used to prevent unauthorized access. Examples of measures include:

  • Antivirus and anti-malware software (F-Secure).

  • Email protection: Caleido uses Google email accounts with two-way authentication.

  • Application security: Caleido uses GitHub alerts to be notified of possible security issues, including zero-day vulnerabilities in dependencies.

  • Behavioral analytics: Heap Analytics, Microsoft Clarity

  • Data Loss Prevention (DLP): The organization ensures that its staff do not send sensitive information outside of the network.

  • Mobile device security: Use of VPN.

  • Wireless security: Wireless networks that are not password-protected are used only through a VPN.

  • Virtual Private Network (VPN): Use of VPN as needed.

Data Breach Response Plan

In the event of a data breach, we follow a predefined response plan. This plan includes the immediate containment of the breach, investigation, remediation, and notification to the affected parties.

Secure APIs

Security measures such as encryption, authentication, and rate limiting are applied to the APIs used by the software.

Dependencies

Caleido uses Dependabot to keep dependencies up to date.

Physical Security

Caleido does not have servers located on its premises.

Caleido uses Amazon AWS as its cloud service provider. AWS's physical security measures are reviewed according to Amazon AWS policies. The servers used by Caleido are located in the EU. The data centers adhere to strict security standards and hold ISO certifications.

Policy Review

This policy is reviewed at least annually or after significant changes have been made to our business practices, IT infrastructure, or relevant legislation.

Non-Compliance with Principles

Non-compliance with these principles may result in disciplinary action that could lead to termination of employment or contracts.

Company management has approved these principles, and they are published in version control. Check the principles regularly to ensure that your practices meet our latest standards.
