...

...

...

We are constantly confronted with the same security, protection and safety questions. The Q&A below addresses all the cases we have heard.

Please note, beforehand:

...

Production data

GRAVITY interacts with the HTML tags in your application's DOM tree. It never programmatically accesses any of the data below.

We guarantee by contract that the data we see is never accessed by our code. You may verify this on your own by inspecting our JavaScript code in your browser. This means we never work with any of your business-critical data. The questions and answers below talk about GRAVITY content (data): by this we mean content that a content owner created, not your business-critical assets, as we do not see or work with them.

On Premise

If you decide to host our backend On Premise, physical protection, firewall configuration, server security and all other aspects of the On Premise installation are naturally out of our hands. We are happy to help you but cannot guarantee the safety of your server in your data center.

From a technical standpoint, we calculate and store jQuery selectors, specifically from the BODY to the target element, and use the text() function solely on the target element. Only the text of the target element and its descendants can potentially be stored in our database, depending on how the application is constructed. Any text stemming from a form input is disregarded, as inputs and scripts are not compatible with this function.
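What this storage model means for a single page, as an added example (not GRAVITY's code): it derives a BODY-to-target selector and the text that text() would return for a chosen target, so you can review what could end up stored. The selector format, the helper names and the sample page are assumptions made for illustration.

```javascript
// Added example, not GRAVITY's code. Nodes carry the standard DOM fields
// (nodeType, tagName, childNodes, parentNode, nodeValue) as plain objects,
// so the script runs in Node without a browser.
function textNode(value) {
  return { nodeType: 3, nodeValue: value, childNodes: [] };
}
function el(tagName, props, ...kids) {
  const node = { ...props, nodeType: 1, tagName: tagName.toUpperCase(), childNodes: kids };
  kids.forEach((kid) => { kid.parentNode = node; });
  return node;
}

// Assumed selector format: one tag:nth-child(n) step per level below BODY.
function selectorFromBody(target) {
  const steps = [];
  for (let n = target; n.tagName !== 'BODY'; n = n.parentNode) {
    if (!n.parentNode) throw new Error('target is not inside BODY');
    const siblings = Array.from(n.parentNode.childNodes).filter((s) => s.nodeType === 1);
    steps.unshift(`${n.tagName.toLowerCase()}:nth-child(${siblings.indexOf(n) + 1})`);
  }
  return ['body', ...steps].join(' > ');
}

// text() semantics: concatenated text nodes of the element and its descendants.
// A form control's value is a property, not a text node, so it is never included.
function textOf(node) {
  if (node.nodeType === 3) return node.nodeValue;
  return Array.from(node.childNodes).map(textOf).join('');
}

function auditTarget(target) {
  return { selector: selectorFromBody(target), storedText: textOf(target) };
}

// Constructed sample page: heading, then a field with label, filled input, hint.
const input = el('input', { value: 'CONSTRUCTED-ACCOUNT-NUMBER' });
const label = el('label', {}, textNode('Account number'));
const field = el('div', {}, label, input, el('span', {}, textNode(' (required)')));
const body = el('body', {}, el('h1', {}, textNode('Payment')), field);

for (const target of [label, input, field]) {
  console.log(auditTarget(target));
}
```

Targeting the container instead of the label widens the stored text to every descendant text node, which is why the stored content depends on how the application is built.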

Answers

How do you manage Security and Privacy in general?

...

| Variant | Residency (all envs) | Company control over location |
|---|---|---|
| On Premise | The customer company | Yes |
| Microsoft Azure | By Choice, but EU | No |
| OpsOne | Switzerland | No! Within Swiss boundaries guaranteed by OpsOne AG. |
| OpsOne - EU | Germany | No! Within German boundaries. |

Do I keep ownership over the GRAVITY content I enter (data)?

...

Rest: In our case OpsOne encrypts the data and keeps it safe (Linux Unified Key Setup (LUKS)). On Premise: the data safety cannot be guaranteed by Gravity Global AG or its cloud providers.

...

Can I use my own company's authentication provider (IdP) utilising SAML for seamless SSO?

Resources to build are available at customer’s costs (since the solution is proprietary and not yet supported by GRAVITY).  Yes - see configuration  

Do you guys offer any business continuity and disaster recovery management (certifications)?  

...

Depends on hosting choice. On Premise you are responsible for your servers. Different cloud providers offer SLAs for partners and customers, which we would acquire on the customer's behalf (paid by the customer). Microsoft Azure has different subscriptions which can be chosen from. Since GRAVITY is not business critical and does not interfere with daily business, cheaper plans are advised. If Gravity Global AG provides the hosting, we generally offer a 99% uptime of the service. Details are part of the offer and negotiation between Gravity Global AG and the customer.

Do you outsource any IT or IT security functions to third-party service providers?

...

Data-retention: Depends on hosting choice. Available through cloud provider’s service offering. 

On the website I see the following sentence “User activity is continuously monitored and progress can be tracked.” How do you ensure GDPR compliance?

We are GDPR compliant: we collect no personal data besides the email address. We state this in our wiki and at the top, but here is an excerpt:

...

For our portfolio I need a detailed explanation of your product, is there one?

Yes, check it at GRAVITY overview.

What JavaScript files will you place on my application server?

None. Check our GRAVITY overview to understand how GRAVITY works. If you choose the hosting option On Premise, there will be JavaScript files inside your data center, but 99.99999% not on the same server as your application.

...

Detailed plugin descriptions are available at: Plugin Version 2.x Browser Extensions
There are only two things stored within the plugin's local storage: a TTL and a URL.

...

The plugin will only be installed on the clients and not on the server.
Detailed plugin descriptions are available at: Plugin Version 2.x Browser Extensions

What kind of application controls, such as logging mechanisms, data quality checks and error messages, are implemented to ensure completeness, integrity, accuracy and authorization of data?

...

Yes. When we build our software we scan the built containers with Harbor. The containers are scanned with the library Trivy.

What are your partners regarding the hosting infrastructure?

Regarding hosting infrastructure, we work with OpsOne AG in Zurich. OpsOne manages the Kubernetes infrastructure, storage, and backup for us. The hardware is housed within NTT’s Zurich 1 Data Center, with the backup location DATAROCK in Nottwil (LU). For European hosting the hardware is housed in the NTT Rechenzentrum Frankfurt 1, with the backup location in Data Center Park Nürnberg.

OpsOne AG is ISO/IEC-27001:2013 certified and a member of "Swiss Hosting".