Publish Date: January 1st , 2022
We take the security of your data very seriously at MeaningCloud. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way we handle security. If you have additional questions regarding security, we are happy to answer them. Please write to firstname.lastname@example.org and we will respond as quickly as we can.
Architecture and Data Segregation
The MeaningCloud services are operated on a multitenant architecture at both the platform and infrastructure layers that is designed to segregate and restrict a access to the data you and your users make available via the MeaningCloud services, as more specifically defined in your agreement with MeaningCloud (or its corporate affiliate(s)) covering the use of the MeaningCloud services (“Customer Data”), based on business needs. The architecture provides a logical data separation for each different customer via a unique ID.
Public Cloud Infrastructure
The MeaningCloud services are hosted over the Internet on a “Public Cloud”, which are computing services offered by third party providers to anyone who wants to use or purchase them. Like all cloud services, a public cloud service runs on remote servers that a provider manages.
The MeaningCloud services undergo security assessments by internal personnel who perform regular audits of the MeaningCloud services to verify that our security practices are sound and to monitor the MeaningCloud services for new vulnerabilities discovered by the security research community. In addition to periodic and targeted audits of the MeaningCloud services and features, we also employ the use of continuous hybrid automated scanning of our web platform.
Certifications are performed on the MeaningCloud services, and Customers may download a copy of available applicable certifications here.
MeaningCloud will implement and maintain appropriate technical and organizational measures to protect your Customer Data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of or access to Customer’s personal data processed or transmitted through the MeaningCloud services. The MeaningCloud services have a number of security controls, including but not limited to:
- Access logging. Detailed access logs are available both to users and administrators of paid teams. We log every time an account signs in, noting the type of device used and the IP address of the connection. Team Administrators and owners of paid teams can review consolidated access logs for their whole team.
- Access Management. Administrators can remotely terminate all connections and sign out all devices authenticated to the MeaningCloud services at any time, on demand.
- Data Retention. Owners of paid MeaningCloud teams can configure custom message retention policies on a team-wide and per-channel basis. Setting a custom duration for retention means that messages or files older than the duration you set will be deleted from the MeaningCloud services’ production servers on a nightly basis.
- Host Management. We perform automated vulnerability scans on our production hosts and remediate any findings that present a risk to our environment. We enforce screen lockouts and the use of full disk encryption for company laptops.
- Network Protection. In addition to sophisticated system monitoring and logging, firewalls are configured according to industry best practices, using AWS security groups.
- Product security practices. New features, significant functionality, and design changes go through a security review process facilitated by the security team. In addition, our code is audited with automated static analysis software, tested, and manually peer-reviewed prior to being deployed to production. The security team works closely with development teams to resolve any additional security concerns that may arise during development.
For some of the controls, the Customer cannot disable them; others provide customization of the MeaningCloud services’ security by Customers for their own use. As such, protecting Customer Data is a joint responsibility between the Customer and MeaningCloud. At a minimum, MeaningCloud will align with prevailing industry standards such as ISO 27001.
MeaningCloud, or an authorized external entity, will monitor the MeaningCloud services for unauthorized intrusions.
Systems used in the provision of the MeaningCloud services log information to their respective system log facilities or a centralized logging service (for network systems) in order to enable security reviews and analysis. MeaningCloud maintains an extensive centralized logging environment in the production environment which contains information pertaining to security, monitoring, availability, access and other metrics about the MeaningCloud services. These logs are analyzed for security events via automated monitoring software, overseen by the security team.
MeaningCloud maintains security incident management policies and procedures. MeaningCloud notifies impacted customers without undue delay of any unauthorized disclosure of their respective Customer Data by MeaningCloud or its agents of which MeaningCloud becomes aware to the extent permitted by law. MeaningCloud typically notifies customers of significant system incidents by email, and for incidents lasting more than one hour, may invite impacted customers to join a conference call about the incident and MeaningCloud’s response.
The MeaningCloud services use industry-accepted encryption products to protect Customer Data (1) during transmissions between a customer’s network and the MeaningCloud services; and (2) when at rest. The MeaningCloud services support the latest recommended secure cypher suites and protocols to encrypt all traffic in transit. We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve. For encryption in transit, we do this while also balancing the need for compatibility with older clients.
Reliability, Backup, and Business Continuity
We understand that you rely on the MeaningCloud services to work. We’re committed to making the MeaningCloud services a highly available service that you can rely on. Our infrastructure runs on systems that are fault-tolerant, for failures of individual servers or even entire data centers. Our operations team tests disaster recovery measures regularly and has a 24-hour on-call team to quickly resolve unexpected incidents. Industry standard best practices for reliability and back-up helped shape the design of the MeaningCloud services. MeaningCloud performs regular backups, facilitates rollbacks of software and system changes when necessary and replication of data as needed. Where possible, MeaningCloud will assist the Customer with data recovery for Major Catastrophic Events, as limited by data residency requirements of the locality and capabilities within the region. “Major Catastrophic Event” means three broad types of occurrences: (1) natural events such as floods, hurricanes, tornadoes, earthquakes, and epidemic; (2) technological events such as failures of systems and structures such as pipeline explosions, transportation accidents, utility disruptions, dam failures, and accidental hazardous material releases; and (3) human-caused events such as active assailant attacks, chemical or biological attacks, cyber attacks against data or infrastructure, and sabotage. Major Catastrophic Event does not include bugs, operational issues, or other common software related errors.
Customer Data is stored redundantly in multiple locations in our hosting provider’s data centers to ensure availability. We have well-tested backup and restoration procedures which allow recovery from a major disaster. Customer Data and our source code are automatically backed up every night. The operations team is alerted in the event of a failure in this system. Backups are fully tested at least every 90 days to confirm that our processes and tools work as expected.
Deletion of Customer Data
The MeaningCloud services provide the option for workspace Primary Owners to delete Customer Data at any time during a subscription term. Within 24 hours of workspace Primary Owner-initiated deletion, MeaningCloud hard deletes all information from currently running production systems. MeaningCloud services backups are destroyed within one month (backups are destroyed within one month, except that during an on-going investigation of an incident such period may be temporarily extended).
When a customer terminates a paid subscription, if a customer does not otherwise elect to delete its account, MeaningCloud will, within 90 days following the subscription termination, delete, and ensure that all of its Affiliates and applicable third party hosting providers delete, all copies of Customer Data (excluding team and channel names, and search terms embedded in URLs in web server access logs) within 14 days after MeaningCloud has initiated deletion of the customer’s account. When a customer terminates any paid subscription to the MeaningCloud services other than Enterprise Grid, the customer’s subscription will continue under the free usage tier for the MeaningCloud services subject to the then-current online Customer Terms of Service or other main online subscription agreement applicable to such free usage tier (“Free Subscription Terms”), and the Customer Data will not be deleted until (i) the Customer self deletes the workspace, (ii) the Customer otherwise instructs MeaningCloud to delete their Customer Data, or (iii) either party terminates the Free Subscription Terms. Upon the occurrence of such events, MeaningCloud shall, within 14 days, delete, and ensure that all of its Affiliates and the permitted third party hosting providers delete, all copies of Customer Data (excluding team and channel names, and search terms embedded in URLs in web server access logs).
We place strict controls over our employees’ access to Customer Data. The operation of the MeaningCloud services requires that some employees have access to the systems which store and process Customer Data. For example, in order to diagnose a problem you are having with the MeaningCloud services, we may need to access your Customer Data. These employees are prohibited from using these permissions to view Customer Data unless it is necessary to do so. We have technical controls and audit policies in place to ensure that any access to Customer Data is logged.
All of our employees and contract personnel are bound to our policies regarding Customer Data and we treat these issues as matters of the highest importance within our company.
MeaningCloud employees receive privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the MeaningCloud services.
MeaningCloud uses infrastructure provided by Amazon Web Services, Inc. (“AWS”) to host or process Customer Data submitted to the MeaningCloud services. Information about security provided by AWS is available from the AWS Security website. Information about security and privacy-related audits and certifications received by AWS, including information on ISO 27001 certification and SOC reports, is available from the AWS Compliance website.