Security Policy | Plum - The Online Project Management

Security Policy

Plum SaaS has established the line of action below to demonstrate the commitment of our company in terms of security for Plum.

The following information deals with the security policy and accessibility of our services.

The Plum Security Policy is an annex of the Terms of Service ("CGU") and is part of the Contract concluded between the Customer and Plum SaaS.

In the case of the Customer has subscribed or has access to the Service via a third party to Plum, the Customer must refer to the Appendix "Third Party Service" to see how these apply.

Last updated Tuesday, October 18, 2011.

Secured Website
Plum SaaS understands the importance you attach to the security of your personal and business information.
BY CLICKING ON THE BOX "I ACCEPT THE SECURITY POLICY", YOU GIVE YOUR CONSENT AND YOUR AGREEMENT TO BE BOUND TO THE LATEST SECURITY POLICY GOVERNING YOUR USE OF THE SERVICE PLUM.
IF YOU JOIN THIS DOCUMENT ON BEHALF OF A CORPORATION OR PHYSICAL, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND THAT PERSON TO THESE TERMS.
Any distribution or transfer of information and documents to and from Plum takes place through our secure servers.

User login
Only members can view an account's dashboard and the content thereof. Each user chosen for this purpose, a password of its own. Passwords of users are recorded in a format encoded in one way and are not accessible by the employees of Plum SaaS.

After entering the required information for registering a new user, you can access immediately to your user account. The password is not transmitted separately by an other means, you set yourself directly during recording.

If you forget your password or if your password does not work for whatever reason, you have the opportunity to re-identify by following these instructions:
- Go to Lost password
- Enter the e-mail and validate.
- You will receive a new password and the process to activate it.

Every time you connect to the system, you will be asked to identify yourself by entering the e-mail address and password that you have previously provided. If the connection is established, you enter in a unique "identification session" (doesn't include any request for personal identifying information) that will allow you to use the system as long as you stay there.

Protection of the transfered information
We use encryption technology to ensure secure transmission of your information and documents when you are connected to the system.

Protection of the stored information
Plum SaaS has established a number of actions in order to protect customers' information when they register in the system:
- Using a firewall to protect our server farm and all the information recorded.
- The use of a monitoring system and application activity logs to identify any unusual activity from authorized and / or unauthorized individuals to access to our systems and / or alter stored information.
- Hosting our server farm in a highly secure building to provide additional protection against intrusion without access authorization and against any changes of information.
- Any document stored on Plum is automatically encrypted by a unique key and saved anonymously in a secure database to make it impossible to identify.

Plum SaaS has no means to get into the project of a client. It is therefore impossible for the employees of Plum SaaS to access to the documents of their customers. In addition, Plum SaaS has made special arrangements in order that only a few key-people are informed of the design and implementation of the security system. Every employee at Plum SaaS is bound by a confidentiality agreement prohibiting the access and dissemination of information managed by clients of the company on the Plum service.
In addition to customer data, we may store some personal information in our databases and cookies. For a complete list of personal information stored on Plum, please refer to our course of action for the protection of personal data.

In addition, our software infrastructure is regularly updated to incorporate the latest security fixes on our servers but also in our development environments, deployment and execution.
The entire Plum service is hosted on Linux and Debian operating systems and in a Symfony framework both in their respective latest versions.

Internet connection and servers architecture
The server farm Plum includes a series of redundant hardware components ASPSERVEUR hosted by the following coordinates:

SARL ASPSERVEUR au capital de 100 000 €
RCS Marseille 451 777 254
Code APE 6311Z
Headquarters : 785 voie Antiope, ZA Athélia III - 13600 La Ciotat - France.
CEO : Sébastien ENDERLÉ

Among these components are :
- Network infrastructure from our host that is completely redundant in order to overcome any shortcomings. The host has, on each physical site, two different optical links providing a connection to the rest of our network and to the Internet.
- Redundant firewalls with filters and fail-over configuration.
- Internet servers and applications as multiple load balancers multiprocessor servers.
- Highly secure computer rooms including air conditioning systems, UPS, backup systems and fire protection.

For more information :
- Contrat pour l'hébergement dédié.pdf
- Contrat service level agreement (SLA).pdf
- or directly http://www.aspserveur.com/cgv.asp

Backup Procedures
Plum SaaS has established the following backup procedures:
- All backups are encrypted.
- A full backup is done every week.
- Backups are transferred to our facility where they are long-term stored in hard drives.
- Plum SaaS has procedures to recover data from backup.

Accessibility
Plum SaaS is committed to providing access to the Plum service to its customers as specified in detail in the terms of use and as stated periodically on the websites of Plum SaaS.
Plum SaaS commits to take steps to ensure that normal service is accessible 24/7. Plum SaaS has the right to take measures that affect the aforementioned access until the full cut off of the Plum service, if Plum SaaS estimates it necessary for technical reasons, service, operational or safety related. The client must be informed and accept that access to the Internet can't be guaranteed and Plum SaaS can't be held responsible for any shortcomings due to the clients' connections to the Internet. In the event of defects or deficiencies attributable to Plum SaaS, Plum SaaS undertakes to correct them as soon as possible. In the absence of intent or gross negligence of Plum SaaS, Plum SaaS is not responsible for imperfections or deficiencies of the Plum service. The client must communicate any error notification in accordance with the instructions set periodically by Plum SaaS and within a reasonable time following the failure finding.

Secured payment

For the security of your payments, we use "CM-CIC Payment", the payment solution credit card developed by our bank CIC, the leader in online banking in France. With this system, your payment is made directly on the secure server CIC on our account. At no time, your card number will be communicated to us. The exchanges are encrypted and secured using SSL 3 (Secure Socket Layer) on the Internet, this standard is used in all the secured exchange.

Anomalies management
Plum SaaS has paid attention to the anomalies detection in the customers applications. If anomalities occur, they are transmitted with their context to the operations team for analysis. Similarly, the Plum SaaS suuport can enable trace on a client account and / or a user to detect anomalies that won't be reproduced outside of the environment of the user. Our traces of operations provide no information on the nature of the plotted data, and just allow to understand the application logic.

However, after discussion with our support team for your express consent, we can enable more detailed traces that can possibly contain confidential data.

Recovery plan in case of breakdown or emergency
Temporary loss of a hosting center: this temporary loss (highly unlikely anyway, see "Internet connection and server architecture") can happen in cases where the center is no longer supplied with electrical energy and / or Telecom Connection . In this case, the service stops working.

Corruption service BDD logic, data loss: if the database for logics services is highly corrupted and demand a restoration of an older version to restart, we may be required to restore service by using a recent archive, in this case, the last updated data will be lost. In this situation, although unlikely, we use the last uncorrupted version (at the later J less one week cf Backup Procedures).

Permanent loss of a hosting center or loss of a cluster: this would be extremely unlikely unless large-scale natural disaster and / or war. In this case, Plum SaaS has its backup service and can transfer customer accounts to another cluster running elsewhere on the planet (if we are still alive, of course).

Loss of data
In the event of data loss by the Services and / or SaaS subscriptions Plum Plum Plum Premium Business Partner, Plum SaaS is committed to make every effort to retrieve the data through backups and all mechanisms at their disposal. In case of loss of data by a user of an Account both voluntary (lack of functionality) that involuntary Plum SaaS can not be held responsible and is under no obligation to recover the data.

Changes of this Policy
Plum SaaS reserves the right to modify or amend this Security Policy at any time, for whatever reason. Users will be notified of these changes through our websites or our newsletters.