docduo Security Policy
docduo takes your security and the security of your content visitors very seriously. Our team has implemented security best practices at every level.

Security Practices In Our Team

Our whole team implements strict security practices regarding how they access their accounts:

  • docduo has always refused to sell any data, and our policy is to respect your data privacy. Our business model is based on paid docduo subscriptions, not on your data.
  • Two Factor Authentication on third-party services docduo uses
  • Our SSH keys are all password-protected
  • All the features are designed around security and reliability
  • Every computer running docduo development tools is secured and up to date
  • All docduo employees, agents, and providers are trained in data-security practices.
  • Security policies are regularly reviewed for all employees and relevant subcontractors
  • Employees who can access customer data via our internal system have different security levels. We make sure they only have access to relevant data (i.e. no chat messages, no end-customer data). The internal system has different permission levels, access logs, TOTP, rate limits and safety checks.
  • All our computers are encrypted
  • Our computers do not store any customer data
  • We don't keep any servers or security keys on site; this way we make sure that docduo and your data are not at risk in case of an intrusion in our offices.
  • docduo uses encrypted backups so we are able to recover customer data in case of emergency.

Infrastructure Hardening

Server hardening is also critical in ensuring the best security for our users. Here are some of our practices in terms of infrastructure management:
  • All servers and services run the latest security updates and are patched immediately when a kernel vulnerability is published
  • Messaging servers are hosted in Ireland
  • Denial-of-service protections are set everywhere (this ensures service resiliency under attack)
  • Our architecture is replicated in micro-services, ensuring service continuity in case of hardware failure
  • We have different layers of databases, which are all replicated as well
  • Our network is protected with firewalls
  • Our monitoring system makes us aware of issues before they affect our customers.
  • Technical staff uses pagers so we are notified of incidents immediately
  • docduo infrastructure was designed to still run properly even in case of server incidents.
  • All docduo domains are protected with DNSSEC
  • Server authentication uses protected SSH keys; direct password authentication is not possible
  • SSH services are not publicly reachable and are limited to a set of allowed IPs
  • Abusing IPs get automatically banned or rate-limited (prevents brute-force attacks on accounts)

Data Security

docduo strictly implements the GDPR regulation, which aims to protect user data and provide a right to modify and delete such data, as well as to consent to data collection.

Ubiquitous Encryption

Encryption has become so cheap and convenient today that it's now possible to enable it everywhere. All public network channels on the docduo platform are fully encrypted. This applies to both asset loading (Web resources) and real-time statistics (user messages and user data). Our encryption techniques implement state-of-the-art practices:
  • Strong TLS keys: RSA, 2048 bits
  • Elliptic-Curve Cryptography
  • Forward-Secrecy with Diffie-Hellman parameters
  • HTTP Strict Transport Security
We dropped legacy encryption methods to alleviate known attacks:
  • The old SSL protocol is completely disabled (we use TLS)
  • Legacy ciphers are disabled (e.g. RC4)
This allows you and your users to stay safe:
  • Hide the data as it is being transmitted on the network
  • Prevent all modification of data as it is being transmitted on the network
  • Prevent MITM (man-in-the-middle) attacks
  • Allow the service to work on restricted networks, over strict proxies
If you have questions regarding docduo security, chat with us!