Security

Bank-level security

At Docster we know that the data included in, and related to, your contracts is extremely important to you and your counterparties. The team at Docster work continuously to protect the privacy, security and integrity of your account and data. The security of your information is required for our success as a business and we take steps every day to ensure that it remains safe.

Here, we describe our processes for maintaining security throughout Docster.

ISO Certification

Our HybridCloud infrastructure is distributed through our facilities in Paris, France. These facilities are located in data centres that hold the following certifications:

  • TIER III (99.982% uptime)
  • SSAE16/ISAE3402 SOC-1 Type II
  • ISO 50001
  • ISO 27001
  • ISO 9001
  • PCI-DSS
  • Infrastructure Validated by ICANN

Physical location security

We ensure that the machines within the Docster network are protected at all times. Docster’s servers run on PlanetHoster.

Access to our data centres is strictly controlled and monitored using a variety of physical controls, intrusion detection systems, environmental security measures, 24 x 7 on-site security staff, biometric scanning, multi-factor authentication, video surveillance and other electronic means. All physical and electronic access to data centres by their employees is authorised strictly on a least-privilege basis and is logged and audited routinely.

Docster employees do not have physical access to our servers. Electronic access to servers and services is restricted to a core set of approved Docster staff only.

Data security

Passwords

All passwords are filtered from our logs and are stored in the database only as one-way hashes computed with the bcrypt algorithm.

Docster staff cannot view your password. If you forget your password, you must go through the reset procedure for your account to be accessible again.

Application, systems and software security

Your connection to Docster (including API access) is secure and encrypted using HTTPS. This is the same level of encryption used by leading banks and government agencies. Your documents are also stored and encrypted at rest using AES-256 encryption. Each one is encrypted with a unique initialisation vector. As an additional safeguard, each key is encrypted with a regularly rotated master key. This means that even if someone were able to bypass the physical security (see above) and access a hard drive, they still wouldn’t be able to decrypt your data.
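The key hierarchy described above (a unique IV for every encryption, and keys that are themselves encrypted under a master key that can be rotated), as an added Node.js example that is not Docster's code. AES-256-GCM, one data key per document, the stored layout and all function names are assumptions; the page names only AES-256, a unique initialisation vector and a rotated master key.

```javascript
const crypto = require('node:crypto');

// Assumption: AES-256-GCM. Stored layout (hypothetical): iv(12) | tag(16) | ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh IV for every single encryption
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}

// Reverses seal(); final() throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Each document gets its own random data key; only the wrapped key is stored.
function encryptDocument(masterKey, doc) {
  const dataKey = crypto.randomBytes(32);
  return { wrappedKey: seal(masterKey, dataKey), ciphertext: seal(dataKey, doc) };
}

function decryptDocument(masterKey, rec) {
  const dataKey = open(masterKey, rec.wrappedKey);
  return open(dataKey, rec.ciphertext);
}

// Rotation re-wraps the 32-byte data key; the document ciphertext is not touched,
// so rotating the master key does not require re-encrypting every document.
function rotate(oldMaster, newMaster, rec) {
  const dataKey = open(oldMaster, rec.wrappedKey);
  return { wrappedKey: seal(newMaster, dataKey), ciphertext: rec.ciphertext };
}

// Constructed sample data: two copies of the same document, then a rotation.
const oldMaster = crypto.randomBytes(32);
const newMaster = crypto.randomBytes(32);
const sample = Buffer.from('constructed sample contract');
const a = encryptDocument(oldMaster, sample);
const b = encryptDocument(oldMaster, sample);
const rotated = rotate(oldMaster, newMaster, a);

console.log(decryptDocument(newMaster, rotated).toString());
console.log('same plaintext, different ciphertext:', !a.ciphertext.equals(b.ciphertext));
```

After rotation the old master key no longer opens the record, which is what lets a retired master key be destroyed once every wrapped key has been re-wrapped.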

We adhere to industry best practices to prevent gaps in the security policy of the application and the underlying systems and to prevent common web attack vectors.

Docster also maintains a robust application audit log that includes security events such as user logins and data changes.

We ensure that our software and its dependencies are up to date, eliminating any potential security vulnerabilities. We employ a wide range of monitoring solutions to prevent and eliminate attacks on the site.

Employee access and security

We regard your data stored within Docster as private and confidential to your business and counterparties.

Our production environment is completely isolated from the other environments — including development and testing.

Docster employees are granted access to systems and data based on their role in the company or on an as-needed basis.

Access to your contract data by Docster employees is only used to assist with support, to resolve customer issues and as outlined in the terms of service agreement with you. When working on a support issue we do our best to respect your privacy as much as possible and only access the minimum data needed to resolve your issue.

Privacy and data protection

All services employed in the supply of Docster meet the Luxembourgian Information Commissioner’s Office (ICO) requirements for EU data protection.

Availability

Docster provides a high level of availability due to our robust infrastructure. We are very transparent with availability and all incidents are reported and detailed via email reports.

Need to report a security vulnerability?

If you believe you have found a security vulnerability in Docster, we encourage you to make this known to us right away. We will investigate all legitimate reports and will address the issue immediately. Responsible submissions of security vulnerabilities can be sent by e-mail by following the guide below.

Reporting

Share the details of any suspected vulnerabilities with Docster’s Security Team by contacting us via e-mail. 

Please do not publicly disclose these details without express written consent from Docster. In reporting any suspected vulnerabilities, please include the following information:

  • Date the vulnerability was observed
  • Description of the vulnerability
  • Instructions to duplicate the vulnerability (this can be written steps, a video, or a set of screen captures detailing the proof of concept)
  • Your name and company (if applicable)
  • Your preferred contact information (email, phone, anonymous)
  • Your PGP key to allow for encrypted communication (if available)
