Big_loader_ajax

Security policy

This policy describes how OneSoft Connect addresses the security of your data. This Security Policy complements our Terms of Service and Privacy Policy.

OneSoft Connect Inc. (hereinafter referred to as "OSC" or "we") provides services and products (hereinafter referred to as "Products", "Services" or "Platform") intended for professionals, businesses and other organizations ("Clients”, “Customers” or “You”). Clients use our services for business purposes or other operational needs and for storing various business and personal information.

Statement on data security and data protection

  1. As a platform provider, we recognize the security and privacy of yourself and your data as of paramount importance. That is why privacy and security are of utmost importance to us and we feel obliged to protect them.
  2. We keep your data safe and protected against various security threads.
  3. Your privacy is our priority. We treat your data and that of other users in an ethical manner, that is, we do not trade your data, neither do we share it with any third parties as this would conflict our privacy policy.

How is your data protected 

Data saved in our products are protected by several layers of security. OneSoft is a web application built on a three-tier architecture separating servers from the application as well as the database from user environment (launched from a web browser).

Data security and protection in the application

  1. Each client has its own separate database isolated from other clients' databases, ensuring privacy and data security.
  2. Only your users can log in to your user environment.
  3. Authentication of users through user name and password is required to log in to the application.
  4. Every user must choose strong password (recommended or enforced password policy).
  5. You must protect the user login information against abuse or misappropriation on all user devices. 
  6. Passwords are encrypted in such a way that no one, except for the owner, can acquire it. A password can only be changed by the user or administrator. Neither we nor anyone else has access to user passwords. 
  7. In case of loss of the password or a thread, the user can recover his or her password. Since users are informed by emails about the activities within OneSoft, they can learn about somebody else's activity in the product. 
  8. All passwords are encrypted and cannot be tracked back. There is an option of two-factor authentication.
  9. Permissions to data are governed by user roles.
  10. Roles are defined through the restrictions / permissions to data access, including access to personal data.
  11. You or your administrator is responsible for the permissions assigned to individual roles.

Security and protection of transferred data

  1. Data transfer between the server and the users’ devices is protected by encrypted connection, we strictly use only encrypted connection via https.

Security and protection of stored data

  1. All data is stored in database on a server. No data is stored on user devices (they only serve to display the data).
  2. No data is stored on user devices. If you lose your laptop or smartphone, no data from the application will be lost. 
  3. Access to our services can also be protected by private company access, and hence, products running in the cloud may not be visible from the (normal) Internet (Enterprise plan only).
  4. Data is stored either in the cloud or on your own infrastructure (on-premise mode).
  5. Data in the cloud is stored only in professional data centers that provide a high level of security (find out more about our cloud safety).
  6. Due to the product architecture, no data center operator can access your data, that is, the data of the Client.
  7. Data is regularly backed up.
  8. OSC offers its services in different "data regions". A data region is a data center or a set of data centers in a specific geographic region where client data is stored. Data of our clients from Europe, Africa, and certain parts of West Asia is located in data centers within the European Economic Area, whereas data of our clients from the USA as well as from Pacific and the rest of Asia is located in the American storage sites. We use services of the following data center providers: 
    1. Oracle Corporation, 500 Oracle Parkway, Redwood Shores, CA 94065, USA
    2. IBM, 1 New Orchard Road, Armonk, New York 10504-1722, USA
    3. OVH US LLC, 11480 Commerce Park Dr., Suite 500, Reston, VA 20191, USA

 

Security of the application - privacy by-design

  1. We strive to design the application to meet the security requirements.
  2. The application source code is protected by encryption, which does not allow any third-party access.
  3. The database is protected by encryption which makes the data accessible only to the users - your data is only accessible to you and your users.

 

Definitions

For the purposes of this Statement, terms are defined as follows:

  1. "Client", "Customer" or "You" is the entity that has agreed to the terms and conditions and uses our services. It is you who defines users' permissions and who is responsible for their behavior within our products.
  2. "User" is a specific person to whom belong a specific customer account used to benefit from our platform, products, or services.
  3. "Potential client" is an entity that has shown interest in one or more of our services.
  4. "Visitor" is the person who have visited one or more of our product web pages.
Onesoft Connect Inc. 303 Twin Dolphin Drive, Suite 600, Redwood city, CA 94056 (referred to as "Service provider").