In this article, we describe how we protect your data.
Google Cloud Platform:
We store all data on the Google Cloud Platform, where it is encrypted and protected. Access to the data is restricted to authorized personnel only. All services run on the Google Cloud Platform, and administrators regularly receive important updates through the Google Security Bulletin.
- Standalone VMs: These are primarily used for development purposes and are not part of our internal cluster network. These nodes are manually updated based on usage and version requirements.
- Cluster: Node auto-upgrade is enabled, so Google Cloud automatically performs necessary upgrades as rolling updates.
- Docker Layer: All application services are containerized using Docker. We prohibit manual installation of services directly on VMs. Only official and recommended Docker images are used as base images, following our security protocol.
Client Data:
All development and test environments are completely isolated from production environments. Client data is never used for development or model training. Developers are not permitted to store client data on local development machines.
Data at Rest:
All data is stored on encrypted disks within the Google Cloud Platform.
Data in Transit:
All publicly accessible services are available exclusively over HTTPS, as the use of HTTP is strictly prohibited. Our servers use TLS 1.3 for secure communication.
Internal communication within the Kubernetes cluster uses HTTP. Because this traffic is confined to the internal network, we consider this acceptable.
Penetration Tests:
We conduct a penetration test every two years. The most recent test was conducted in May 2023.
Vulnerability Scans:
We perform vulnerability scans and static code analysis after every change made to the master branch.