SECURITY POLICY

Backups / Disaster Recovery
 
We keep 14 full backups of each Unicdo database for up to 3 months: 1 / day for 7 days, 1 / week for 4 weeks, 1 / month for 3 months.

Backups are stored in at least 3 different data centers in different regions.

The actual locations of our data centers are specified in our Privacy Policy.

You can contact our Help Desk to restore any of these backups to your live database (or on the side).

 
Disaster recovery:

 
In the event of a complete disaster, where a data center is entirely down for an extended period of time and failover to our local hot backup is not possible (this has never happened so far; it is only a worst-case plan), we have the following goals:

Recovery Point Target = 24 hours. This means that if the data cannot be recovered and we have to restore your most recent daily backup, you may lose up to 24 hours of work.

Recovery Time Target = 24 hours for paid subscriptions, 48 hours for free trials, training offers, free users, etc. This is the time needed to restore the service in a different data center if a disaster occurs and one data center is completely down.

How we achieve this: we actively monitor our daily backups, and they are stored in different regions. We have automatic provisioning to deploy our services in a new hosting location.

We regularly use both daily backups and provisioning scripts for daily operations, so both parts of the disaster recovery procedure are always tested.

Database Security
 
Customer data is stored in a dedicated database; no data is shared between clients.

Data access control rules enforce complete isolation between customer databases running on the same cluster; it is not possible to access one database from another.

Password Security
Customer passwords are protected by industry standard PBKDF2 + SHA512 encryption.

Unicdo staff do not have access to your password and cannot retrieve it for you; if you lose it, the only option is to reset it.

Login credentials are always securely transferred over HTTPS.

Password policies:

Unicdo has a built-in setting to require a minimum user password length. For older versions, it is possible to achieve the same effect through customization. Other password policies, such as mandatory character classes, are not supported by default as they have proven to be counterproductive.

Staff Access
 
Unicdo help desk staff can log into your account to access settings related to your support issue. For this, they use their own private personnel credentials, not your password.

This dedicated staff access increases efficiency and security: they can immediately reproduce the problem you see, and you never need to share your password.

Our Help Desk staff will try to respect your privacy as much as possible and will only access the files and settings needed to diagnose and resolve your problem.

System Security
 
All Unicdo servers run Linux distributions with up-to-date security patches.

Installations are instantaneous and minimal to limit the number of services that may contain vulnerabilities.

Only a few trusted Unicdo engineers are authorized to manage servers remotely, and access is only possible using an encrypted personal SSH key pair from a computer with full disk encryption.

Physical Security
 
Unicdo servers are hosted in reliable data centers, all of which must meet our physical security criteria:

Restricted environment that can only be physically accessed by authorized data center employees.

Physical access control with security badges or biometric security.

Security cameras that monitor data center locations 24/7.

24/7 on-site security personnel.

Credit Card Security
 
We never store credit card information in our own systems.

Your credit card information is always securely transferred directly between you and our PCI-compliant payment recipients.

 
Communication

All web connections to client instances are protected by state-of-the-art 256-bit SSL encryption.

Our servers are kept under strict security surveillance and are always patched against the latest SSL vulnerabilities, maintaining Grade A SSL ratings at all times.

All of our SSL certificates use robust 2048-bit moduli with full SHA-2 certificate chains.

 
Network Defense

 
Firewalls and intrusion prevention systems on Unicdo servers help detect and block threats such as brute force password attacks.

Unicdo customer database administrators have the option to configure the rate limiting and cooldown time for repeated login attempts.