This post is also available in: German

Data protection: Our highest priority

The security of your data is our highest priority. That’s why Conceptboard is not only developed entirely in Germany, but also deliberately host our servers in Germany. As the first virtual whiteboard solution on the market, we are also GDPR compliant.

Simplifying collaboration across the globe

Server location: Germany

In order to meet our self-imposed high standards and to guarantee the best data protection for our users, Conceptboard hosts exclusively in Germany. This is the only way we can ensure that all data is protected from access by unauthorized third parties. Not just today, but also in the future.

For those who feel this is not secure enough, we offer the option of a dedicated server or even on-premises hosting in your own data center.

Development location: Germany

We made a conscious decision in favor of Germany as our home for operations. Germany is reliable, secure and stable in terms of economic policy. In addition, we are aware of the social responsibility we have towards our customers and employees: only those who pay fair wages and tax profits domestically can actively contribute towards promoting and representing Germany as a future location for software developers. In addition, Germany’s infrastructure is among the best in the world. We develop in Germany. Not just today, but also in the future.

First priority: Data protection

We live and breath the General Data Protection Regulation. In accordance with European law, we are committed to protecting the fundamental rights and freedoms of natural persons, and in particular their right to the protection of all personal data.

Learn more about data protection.

Certified in accordance
with ISO 27001

Preserving the confidentiality, integrity and accessibility of information is our commitment. That is why we insist that our data management functions flawlessly when dealing with sensitive information. We are providing objective proof with our ISO 27001 certification. This officially confirms the effectiveness of our information security management system.

Download the ISO 27001 certificate.
Learn more about ISO 27001.

256-bit AES encryption

Strong encryption is a matter of course for us. No one should have to pay extra for their data security, so Conceptboard fully encrypts ALL data on its servers with AES 256-bit. What does this mean in reality?
Leading security experts are convinced that the time it would take to crack a single AES key is longer than the age of the entire universe.
We believe: that’s on the brink of what we consider safe for our customer data.

Conceptboard is part of the Bug Bounty Program

Responsible Disclosure Statement

At Conceptboard, the security of our systems is our top priority. No matter how much effort we put into system security, vulnerabilities can exist. If you discover a vulnerability, we’d like to hear about it so we can take action to fix it. We would like to ask you to help us protect our customers and our systems.

Bug found? What to do now

Don’t hesitate: submit your findings by clicking the following button

Do's

  • Test only on in-target domains: https://bounty.conceptboard.com
  • Report the vulnerability as quickly as is reasonably possible, to minimise the risk of hostile actors finding it and taking advantage of it.
  • Report in a manner that safeguards the confidentiality of the report so that others do not gain access to the information.
  • Provide sufficient information to reproduce the problem, so we will be able to resolve it. Usually, the IP address or the URL of the affected system and a description of the vulnerability will be sufficient. But complex vulnerabilities may require further explanation.

Dont's

  • Reveal the vulnerability or problem to others until it is resolved.
  • Build your own backdoor in an information system with the intention of then using it to demonstrate the vulnerability, because doing so can cause additional damage and create unnecessary security risks.
  • Utilise a vulnerability further than necessary to establish its existence.
  • Copy, modify or delete data on the system. An alternative for doing so is making a directory listing of the system.
  • Make changes to the system.
  • Repeatedly gain access to the system or sharing access with others.
  • Use brute force attacks, attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties to gain access to the system.

Our promise

  • We will respond to your report within 5 business days with our evaluation of the report.
  • If you have followed the instructions above, we will not take any legal action against you concerning the report.
  • We will not pass on your personal details to third parties without your permission, unless it is necessary to comply with a legal obligation.
  • Reporting anonymously or pseudonymised is possible.
  • We will keep you informed of the progress towards resolving the problem.
  • We will credit you as the discoverer of the reported problem in public communications (unless you request otherwise).

Thank you for your support!

If your vulnerability report is valid and you would like to be recognized for your contribution, we would be happy to induct you by name or anonymously into our Conceptboard Hall of Fame. Of course we will only include you in our “Hall of Fame” if you expressly request it.

We strive to resolve all issues as quickly as possible, and we would like to play an active role in the final publication of the issue once it is resolved.

Join 500,000+ collaborators

Productivity for teams of all sizes