Security

Your data security is our top priority. That's why all your data is stored in Switzerland in ISO 27001 certified data centers.

Virtual private cloud

  • Hosted in ISO 27001 certified data centers
  • Hosted in Switzerland
  • Highly secure cloud-based SaaS offering

Multi-tenancy

  • Multi-layer tenant data segregation
  • Each tenant accessed from a separate subdomain

Encryption

  • HTTPS with TLS is used on all pages
  • The certificate was generated using a 2048-bit private key
  • All data is encrypted during transit

Backups

  • Data is replicated in real time on a different server
  • Full database backup once a day
  • Backups are encrypted using an RSA key
  • Geographically redundant backups

High availability

  • Monitored on wedo.statuspage.io
  • Incidents reported on our status page
  • Contractually binding 99.9% availability

Customer controls access

  • Role-based permissions via Admin Dashboard
  • Two-factor authentication (2FA)
  • Integrates with your existing Identity Management*
  • SAML 2.0 interface for Single Sign-On & Active Directory*

* coming soon

Secure and compliant hosting

Our hosting providers and datacenters hold the following certifications

Frequently Asked Questions

Is the data located in Switzerland?

WeDo is hosted on CloudSigma and Exoscale, both based in Switzerland. The datacenters are located in Zürich (ZH). They are ISO/IEC 27001 (Information security management systems) certified. For more information: cloudsigma.com and exoscale.com.

What is your backup policy?

The database is replicated in real time on a different server. In case of failure of the primary database, the replica is used. A full database backup is done once a day. We keep the backups from the last seven days and the last four Fridays. To protect against datacenter failure, backups are transferred to a different geographical location.
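
The retention rule above can be checked mechanically. The following is an added example, not WeDo's own code: it assumes one backup per calendar day, reads "last seven days" as today plus the six days before it and "last four Fridays" as the four most recent Fridays on or before today, and all function names and sample dates are constructed for illustration.

```python
from datetime import date, timedelta

FRIDAY = 4  # date.weekday() counts Monday as 0


def expected_dates(today, daily=7, fridays=4):
    """Dates the policy should hold a backup for, as of `today`."""
    # Assumed reading: "last seven days" = today plus the six days before it.
    daily_window = {today - timedelta(days=i) for i in range(daily)}
    # Most recent Friday on or before today, then one step back per week.
    last_friday = today - timedelta(days=(today.weekday() - FRIDAY) % 7)
    friday_window = {last_friday - timedelta(weeks=i) for i in range(fridays)}
    return daily_window | friday_window


def plan_retention(backup_dates, today):
    """Split existing backups into keep/prune and report gaps in the kept set."""
    have = set(backup_dates)
    want = expected_dates(today)
    keep = have & want
    # Never prune a backup dated after `today`: that points at clock skew
    # or a wrong `today`, and deleting on bad input is not recoverable.
    prune = {d for d in have - want if d <= today}
    missing = want - have  # e.g. a failed nightly job
    return sorted(keep), sorted(prune), sorted(missing)


# Constructed sample: one backup per day from 2024-04-01 to 2024-05-15,
# with the Friday 2024-04-26 backup absent to simulate a failed job.
TODAY = date(2024, 5, 15)
SAMPLE = [date(2024, 4, 1) + timedelta(days=i) for i in range(45)]
SAMPLE.remove(date(2024, 4, 26))

if __name__ == "__main__":
    keep, prune, missing = plan_retention(SAMPLE, TODAY)
    print("keep:   ", [d.isoformat() for d in keep])
    print("prune:  ", len(prune), "backups")
    print("missing:", [d.isoformat() for d in missing])
```

Reporting the `missing` dates alongside the prune list makes a failed backup job visible before older copies are deleted.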

What is your development life cycle?

Every change in WeDo code goes through a series of automatic tests. Then, manual testing is done. If no problems are found, the code is published to production. To avoid mistakes, different static analysis tools are used during the development life cycle.

Do you use the HTTPS protocol?

WeDo uses the HTTPS protocol everywhere. Hypertext Transfer Protocol Secure (HTTPS) authenticates the accessed website and protects the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks.

How are passwords stored?

We enforce a certain level of password complexity. Every password must be at least 8 characters long and contain one lowercase letter, one number and one special character. Every password is stored in the database in the form of a bcrypt hash using a salt and several iterations. If a user forgets his password, he can reset it with a link sent to his email address.

Do you support Two-factor Authentication?

You can enable Two-factor Authentication (2FA) to add an extra layer of security for your account. When enabled, 2FA requires an extra passcode when logging in. This extra passcode is stored in an app on your phone and is regenerated every 30 seconds. This makes things much harder for potential attackers, as they would not only need your username and password, but also be in possession of your 2FA device.

Can I export my data?

Legally, your data belongs to you. You can export it at any time directly from the platform in standard formats (PDF, XLSX or CSV). If you don’t renew your contract, we guarantee you enough time to access the platform to export your data.

How is your Service Level Agreement calculated?

We guarantee an availability of 99.9% of the platform.

The monthly availability is computed with the following formula:

Definitions:

  • T = total number of minutes in the month
  • D = total number of unplanned downtime minutes in the month
  • M = total number of planned maintenance minutes in the month

If our availability is under the threshold, the downtime will be credited to your subscription duration.