Your privacy and the security of your intellectual property are primary concerns to us, the Digital Republic Media Group GmbH, Mansfelder Str. 56, 06108 Halle (Saale), Germany (hereinafter “Conceptboard Company”, “we” and “us”) as the operator of the service “Conceptboard”. In this document we give an overview of the security measures taken by us to protect your content and data hosted on our platforms. The policies and practices outlined here apply to all our licenses, although customized and even higher security settings as well as On-Premises versions are available in our Enterprise plans.

Data storage

Conceptboard’s servers are located in Amazon’s AWS data centers in Ireland. Amazon’s data centers employ a set of advanced physical, network and software security measures to ensure integrity and safety of customers’ data. These measures include secure access using SSL/TLS, built-in firewalls, multi-factor authentication (MFA), encrypted data storage and others.

For further information about security and compliance of AWS, please review these links:
http://aws.amazon.com/security/
http://aws.amazon.com/compliance/

Please note that you can always host Conceptboard in your own data center by using our On-Premises solution.

Backups

We backup all new and changed data every 10 minutes and create additional full backups on a daily basis. All data is persisted in a durable storage service which is stored redundantly in multiple facilities of our service provider. All data in the storage service is stored encrypted with the AES-256 encryption standard.

Data transfer and transport encryption

Conceptboard provides constant secure and encrypted communications between our servers and all connected users. Our servers support current technologies and accepted industry standards for ensuring a constant transport encryption. Depending on the user’s client, our servers will support TLS1.2, 256-bit AES in GCM with elliptic curve cryptography, and forward secrecy.

For more details about our transport security see the Qualsys SSL test report for conceptboard.com. In addition, we keep up to date on issues brought up by the security community and promptly upgrade the app to respond to new vulnerabilities as they are discovered.

Confidentiality and data sharing

Collaboration in Conceptboard takes place within interactive workspaces (the “boards”), and we regard all information you add, upload or otherwise transfer to your boards as private and confidential. By default, the board and its content is only accessible to you. You are in full control over which users or guests you grant access to, and which access role you assign these invited guests/users.

Also we restrict our employee’s access to the board. If, in order to diagnose a problem you are having, we would need to do something which would expose your data to one of our employees, we will always ask your permission beforehand and we will not proceed without your consent.

For more information regarding privacy see also our Privacy policy.

Confidentiality and data conversion

Conceptboard is compatible with a lot of different file formats, that need to be converted before displaying them within the different browsers. By default, this conversion is done by our own servers, but in some cases (depending on the content types) we use an external service provided by Aspose Pty Ltd, Suite 163, 79 Longueville Road, Lane Cove, NSW, 2066, Australia (“Aspose”) for optimal results. Aspose handles all information confidential, only saves your data temporary for the time of the conversion and does not preserve any copies of your content or the converted results.

For further information please see the section Confidentiality in their Terms of Use.

Please note that the Aspose conversion is an optional feature and can be disabled within our Enterprise solutions.

Passwords and Third Party Social Login

Conceptboard follows accepted industry standards of storing only a salted cryptographic hash of your password. This means we don’t store your passwords in such a way that it could be compromised by an attacker. All access to Conceptboard is done over encrypted channels (using HTTPS) including the transmission of the password from the user’s browser to the Conceptboard servers.

In the case of third party login methods (Twitter, Facebook, Salesforce, Google) all processing of user credentials is done on the third-party’s own systems. Conceptboard does not post anything to your social channels without your consent. Any posting of information (such as a board) to a social channel must be initiated by the user.

Credit Card Information

We do not store your credit card information. We’ve partnered up with Wirecard, Europe’s leading specialist for payment processing to handle all credit card transactions.

 


 

If you have additional questions regarding data privacy, security or confidentiality we’d be happy to answer them. Please write to support@conceptboard.com and we’ll respond as quickly as we can. We’d like to thank the security researchers which helped us to improve Conceptboard.