QFieldCloud Security Specifications
Making the security of your data a top priority is integral to our commitment at QFieldCloud. We understand that trusting an external entity with your data is a significant decision.
Overview of Security Measures
The QFieldCloud service is protected by security measures on several levels. This includes hardening the infrastructure with a firewall and an intrusion detection system as well as regular backups, monitoring, encryption and following best practices for developing and deploying the system.
All communication with QFieldCloud is encrypted via SSL / HTTPS.
The service uses Role Based Access Control. Users need to authenticate with username and password or token. Authorization is managed based on organization, team and user configuration.
Incident Response and Monitoring
We are constantly monitoring our services and receive alerts whenever something unexpected happens. This gives us the possibility to react quickly and efficiently.
When incidents are detected we keep our users informed about the status via status.qfield.cloud and provide follow-up analysis on incidents.
Data Backup and Recovery
All data stored within QFieldCloud is regularly backed up in a different location. Some of the data is replicated in real time, other parts are backed up based on a regular schedule which guarantees that no data older than 12 hours is without a backup.
Payments are handled by Stripe, a certified PCI Service Provider Level 1.
We do not store any credit card information; we only store identifiers that reference Stripe data.
QFieldCloud is compliant with relevant data protection laws and regulations; for more detail consult the privacy statement.
Data is processed in data centers within Switzerland, operated by Exoscale and flow.swiss. All data centers are ISO 27001 certified.
Software Development Security
Security is a fundamental subject throughout the development of QFieldCloud. Each code change is reviewed thoroughly before being integrated into a release. We also maintain a comprehensive suite of tests which is continuously run on the code base.
- Stripe is used for payment processing. The connection to Stripe is encrypted and authenticated. All errors during payment failures are stored by Stripe for detailed logging. All sensitive information like tokens is removed before transmission.
- Sentry is integrated for performance and error monitoring. User identifiers as well as error messages are attached to errors. The connection to Sentry is encrypted and authenticated. All sensitive information such as tokens and passwords is removed before any data is sent to Sentry.
If you need to get in touch with the team for critical security purposes, please reach out to firstname.lastname@example.org.
Updates and Revision History
We are committed to continue to improve and document security and will keep this information updated as security of QFieldCloud evolves over time.
- 3.2.2024 - Initial version