Merge pull request #10324 from opf/FAQ-GDPR

Faq gdpr
pull/10325/head
Niels Lindenthal 3 years ago committed by GitHub
commit c8cf7e8989
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. docs/enterprise-guide/enterprise-cloud-guide/enterprise-cloud-faq/README.md (19 changes)
  2. docs/faq/README.md (16 changes)

@ -32,12 +32,23 @@ The data center (AWS) we use for Enterprise Cloud Edition is ISO27001 certified.
For more information please visit the [information regarding security measures](https://www.openproject.org/legal/data-processing-agreement/technical-and-organizational-data-security-measures) on our website.
## Where geographically is the OpenProject Enterprise cloud data stored?
## Does OpenProject employ sub-processors for the OpenProject Cloud Edition from outside the EU?
The OpenProject Enterprise cloud environment is hosted on a logically isolated virtual cloud at Amazon Web Services with all services being located in Ireland. AWS is a GDPR compliant cloud infrastructure provider with extensive security and compliance programs as well as unparalleled access control mechanisms to ensure data privacy. Employed facilities are compliant with the ISO 27001 and 27018 standards. OpenProject Enterprise cloud environment is continuously backing up user data with data at rest being fully encrypted with AES-256. Each individual's instance is logically separated and data is persisted in a unique database schema, reducing the risk of intersection or data leaks between instances. You can find more information [here](https://www.openproject.org/security-and-privacy/).
A list of all sub-processors used in the OpenProject Enterprise Cloud can be found [here](https://www.openproject.org/legal/data-processing-agreement/sub-processors/).
We also offer hosting in a German data center on request. Please [contact us](https://www.openproject.org/contact-us/) if you are interested.
Please note: For the OpenProject Enterprise Cloud we currently have two SaaS infrastructures:
**OpenProject.com**
This infrastructure is hosted at AWS in Dublin. For sending transactional emails we use the service Postmark which is based in the US.
**OpenProject.eu (beta)**
Starting from April 2022, we will also offer hosting of the OpenProject Enterprise cloud in our new SaaS infrastructure *OpenProject.eu*. In this new environment there is no transfer to sub-processors outside the EU. If you want to join the beta program please contact privacy@openproject.com (GPG Key: [BDCFE01EDE84EA199AE172CE7D669C6D47533958](https://keys.openpgp.org/vks/v1/by-fingerprint/BDCFE01EDE84EA199AE172CE7D669C6D47533958)).
**Migration after the beta phase in April 2022**
After the end of the beta phase we plan to migrate <u>all</u> customers to the new infrastructure *OpenProject.eu*. Before this migration we (Processor) will notify all clients (Controller) about the new sub-processors by email. After the expiry of the objection period of two weeks, the modification shall be deemed approved within the meaning of Article 28 (2) GDPR. If the the Controller objects by email to privacy@openproject.com within two weeks we will <u>not</u> migrate their data. For more information please have a look at [§ 8 "Sub-processors](https://www.openproject.org/legal/data-processing-agreement/#-8-sub-processors) in your DPA.
## Can I get a custom domain name instead of example.openproject.com?
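Review bot: The timeline in the OpenProject.eu paragraphs is ambiguous. "Starting from April 2022, we will also offer hosting" reads as the beta beginning in April 2022, while the heading "Migration after the beta phase in April 2022" reads as the beta ending then. State the start and the planned end separately. In the migration paragraph, "If the the Controller objects" has a doubled "the", and the link text `[§ 8 "Sub-processors]` is missing its closing quotation mark. That paragraph also says clients will be notified "about the new sub-processors" and that silence for two weeks counts as approval; linking the sub-processors list there as well would let a Controller see what they are being asked to approve.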
@ -64,7 +75,7 @@ Currently, there is unfortunately no option to export all the documents in OpenP
Access to the database (including the PostgreSQL tables) is restricted for the Enterprise cloud edition due to technical and security reasons. Instead, you can use the OpenProject [API](../../../api) to both read and write data (where supported). If you require direct database access, you may want to take a look at the OpenProject [Enterprise on-premises edition](https://www.openproject.org/enterprise-edition) which you can run on your own server.
## Can I use LDAP authentican in my Enterprise cloud environment?
## Can I use LDAP authentication in my Enterprise cloud environment?
You can use [LDAP authentication](../../../system-admin-guide/authentication/ldap-authentication/) in your cloud environment. **However**, usually LDAP servers will _not_ be exposed to the internet, which they have to be for this to work.
Whitelisting IPs is no option since the OpenProject servers' IPs are not permanent and can change without notice.
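Review bot: The answer under the corrected heading still tells readers the LDAP server has to be exposed to the internet and rules out restricting by IP, without saying how that exposure should be protected. Add a sentence on that, or point to the part of the linked LDAP authentication guide that covers it. "Whitelisting IPs is no option" would also read better as "Allowlisting IPs is not an option".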

@ -23,22 +23,6 @@ Welcome to the central overview of frequently asked questions for OpenProject.
## Learn more about OpenProject
### What about data privacy, data security and GDPR conformity?
Data protection and security are one of the main motivations for the development of this open source application. Thus, you have the possibility to move the OpenProject application including your data to your own infrastructure at any time. Unlike other cloud tools, you can also take a look at the software code and adapt it if necessary.
For users who do not want to run OpenProject themselves, we offer a hosting product. Here we use subcontractors who are not based in the EU, too. We achieve compliance with the GDPR by using standard protection clauses (Art. 46 (2) (c) and (d) GDPR).
A list of the subcontractors currently used in the Cloud Edition can be found here: [https://www.openproject.org/legal/data-processing-agreement/sub-processors/](https://www.openproject.org/legal/data-processing-agreement/sub-processors/)
For our cloud product, we aim to completely eliminate subcontractors outside of the EU by the end of 2021. We have made a start by replacing Google Analytics with Matomo since 2020.
You can also send us encrypted emails to privacy@openproject.com. You can find the corresponding GPG key here: [https://keys.openpgp.org/vks/v1/by-fingerprint/BDCFE01EDE84EA199AE172CE7D669C6D47533958](https://keys.openpgp.org/vks/v1/by-fingerprint/BDCFE01EDE84EA199AE172CE7D669C6D47533958)
#### Is OpenProject Enterprise cloud GDPR compliant?
The OpenProject cloud environment is hosted on a logically isolated virtual cloud at Amazon Web Services with all services being located in Ireland.
AWS is a GDPR compliant cloud infrastructure provider with extensive security and compliance programs as well as unparalleled access control mechanisms to ensure data privacy.
Employed facilities are compliant with the ISO 27001 and 27018 standards. The OpenProject cloud environment is continuously backing up user data with data at rest being fully encrypted with AES-256.
Each individual instance is logically separated and data is persisted in a unique database schema, reducing the risk of intersection or data leaks between instances. Find out more about GDPR compliance on our [website](https://www.openproject.org/security-and-privacy/).
### How do I get access to the OpenProject premium features?
We offer the premium functions of OpenProject (incl. boards) for two different OpenProject variants:
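Review bot: The hunk header shrinks this part of docs/faq/README.md from 22 lines to 6, so the "What about data privacy, data security and GDPR conformity?" section appears to be dropped without a pointer to where the content now lives. Leave a short entry that links to the Enterprise cloud FAQ so readers of the general FAQ can still find it. Also check that nothing is lost in the move: the sentence on standard protection clauses (Art. 46 (2) (c) and (d) GDPR) does not appear in the cloud FAQ text shown in the first hunk, although that text says OpenProject.com still uses Postmark in the US.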
