Security Policy

Last updated: October 17, 2022

TeamPoolz d.o.o. ("us", "we", or "our") offers a digital subscription service on the https://agile-tools.io website (the "Product").

We are committed to keeping your data secure. Privacy and dependability are at the core of our services, and we employ reputable cloud service providers to safeguard your data.

Product

To the best of our abilities, we ensure that the products and services we offer are free of security flaws. In addition, we support a variety of security-focused tools to safeguard your data:

  • Encryption: Transport Layer Security (TLS) is used to protect all data in transit, and all API and client communications (web and mobile) require HTTPS connections. All client data, including email addresses, passwords, API keys, and third-party integration credentials, is encrypted at rest.

  • Authentication: All Product accounts support authentication by email and user-provided password. Passwords are protected by an algorithm designed specifically for passwords. We can't see them in plain-text form, and brute-force attacks are time-consuming (thousands of years).

  • Permanent deletion: Users with the appropriate permissions can delete account-related information. It can take up to 7 days for all data to be removed from our systems.

Infrastructure & Operational Practices

The Product's backend is hosted on Scaleway. Scaleway's physical infrastructure is hosted and maintained within secure data centers. Scaleway continuously controls risk and is subjected to periodic audits to verify compliance with industry standards.


Scaleway hosts TeamPoolz's Product.

  • Hosting and storage: Product services and data are hosted in Europe.

  • Backups: We utilize continuous protection to back up client data, allowing us to restore the database to any point in the past seven days.

  • Vulnerability scanning: As part of our continuous delivery process, automated vulnerability scans are performed.

Reliability

To support our goal of 99.9% uptime across all of our products, we host our monitoring and logging systems outside of our production environment to ensure continuous reporting in the event of a system outage.

Compliance

  • PCI DSS: All payments to us are processed by our payment partner, Stripe. Stripe's security website contains information regarding their security setup and PCI compliance.

Security Controls

  • Software development: Our software development procedures adhere to OWASP's recommendations, thereby protecting against common threats.

  • Immutable infrastructure: We do not make changes to production servers or live code. When possible, we treat our infrastructure as code, and all changes undergo automated testing and deployment.

  • Continuous delivery: Multiple times a day, we build, test, and release code using continuous integration and automated deployments.

  • Incident response: We have monitoring mechanisms in place that quickly alert the team to any security or availability incidents. These monitoring tools are hosted separately from our production infrastructure.

  • Access to customer data: Access to confidential customer information is restricted to a select few members of our staff. If it becomes necessary for the team to access sensitive customer data, we will do so only after acquiring the client's written authorization by email.