Security & GDPR
Privacy and security are our highest priorities
Mobile device and app security is becoming an increasingly important topic. That's why tchop takes every precaution to ensure that your data is stored and handled safely.
We understand security and compliance as an ongoing process and a shared responsibility. tchop is continuously investing in additional features and functionality to improve our platform's security. Data privacy is a key proposition of our platform, as we do not and will not sell or market your data. It is our job to protect your data. The privacy rights of our clients and the security of their personal data are our highest priorities.
tchop complies with the requirements of the EU General Data Protection Regulation. We've developed a secure content and communication platform that protects employee and customer data equally. Therefore, under the guidance of our Data Protection Officer (DPO), we have assembled a team that guarantees strict compliance with all regulations.
Whether you're a compliance officer, a decision-maker considering enterprise mobility and security for your organization or an IT administrator, don't hesitate to get in touch with us if you have any questions or remarks.
Focus on infrastructure and System Security
The tchop platform is hosted by Amazon Web Services (AWS), which complies with the ISO 27001 and SSAE-16 standards, ensuring full data security. All information is encrypted using TLS 1.2 and PFS; security incidents are reported to our security team 24/7; and access to the tchop production servers is restricted. We do daily backups and have a contractually binding uptime of 99.9%.
European servers
tchop servers are located in Europe. Amazon Web Services facilities are compliant with ISO 27001 and SSAE-16.
Secure Architecture
Our platform architecture is designed to minimize the risk of a security breach by permitting access to the minimal required systems only, while other systems, such as database servers, are only accessible internally. All traffic to our application servers is routed through our proxies and gateways. None of the other systems in our data centers has direct access to the Internet, inbound or outbound.
Protection
Our network is protected by redundant layer-4 firewalls, secure HTTPS transport over public networks, VPN-only access to our production and testing systems, and key-based authentication for system administrators for maintenance purposes.
Security Incident Event Management
A security incident event management (SIEM) system gathers all available logs from our systems and analyzes them for correlated events. The SIEM system notifies the tchop team about such an event, so that the team can respond to it quickly.
DDoS Protection
Distributed Denial of Service (DDoS) attacks are mitigated by our hosting provider Amazon Web Services. "AWS Shield" provides always-on detection and automatic inline mitigations that minimize application downtime and latency. You can find more info here: https://aws.amazon.com/shield.
Access
Access to the tchop production environment is restricted to the core operations team, and this access is frequently audited and monitored. All production systems are secured by VPN and require key-based authentication.
Encryption in transit
All communication of our systems over public networks is encrypted using HTTPS with Transport Layer Security (TLS 1.2) and Perfect Forward Secrecy (PFS). We disabled SSLv3 on all systems to prevent security breaches.
End-to-end encrypted chat
We use secure end-to-end AES-256 and TLS 1.2 encryption for our chat.
Encryption at rest
All user passwords are hashed using best-practice one-way hash functions to minimize the impact of a data breach.
Uptime
We guarantee a minimum 99.9% uptime for the tchop platform.
Redundancy
We back up all relevant systems daily and store these backups for up to a month so that we can restore from them after identified incidents. Also, all production services of the tchop platform run at least in dual mode to provide fast failover. Our development team is equipped with plans for different scenarios and is therefore able to recover data in cases of emergency.
QA
We perform automated tests on our code base in order to ensure a maximum level of quality. Also, we follow a test-driven development approach and peer-review all code changes that are submitted to the code base by our team.
Secure environments
We work with testing and staging systems that are logically separated from production systems, so that we can roll out and improve beta and alpha versions in an iterative process that never harms live services.
Secure Credential Storage
Passwords in tchop cannot be extracted, as they are stored in the database using bcrypt, a one-way hash function designed to be collision free.
Security training
We periodically train our developers to be aware of common security risks in development and of the privacy of our customers' data.
Confidentiality Agreement
All our team members have signed a confidentiality agreement to protect customer data, as well as agreements obligating them to comply with the data secrecy provisions of § 5 of the BDSG (Bundesdatenschutzgesetz) and the confidentiality of telecommunications (§ 88 Telecommunications Act).
Reduced Access
Access to our production systems is restricted to a minimal set of people responsible for maintenance and operations. Only our management has access to the most sensitive spaces.
Registration
We offer several ways for onboarding your users. They can be invited directly by email. You can soon also use registration based on domain bonding. That is, every user with a certain email domain can register without having been invited individually. Even when you do not know the email address of your users, you can invite them by generating unique access codes for one-time registration. Finally, you can use SSO for registration.