Data privacy and the confidentiality of documents hosted on cloud services has always been a strong concern for users and companies. It has received even more attention recently and questions have started to show up on our different communication channels.
We take these concerns very seriously. Thus we wanted to give you an overview of our policy, the mechanisms we have implemented in our product and the technologies we rely on to make sure your data is secure and access is restricted the way you want it to be.
1/ Data Ownership, Access Policies and Privacy Terms when Using eXo
In the terms and conditions for using eXo Cloud, Paragraph 6 is about data:
eXo does not own any data, information or material that You or others submit to the Service in the course of using the Service (“Uploaded Data”). You shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use any and all Uploaded Data that You submit. eXo shall not be responsible or liable for the deletion, correction, destruction, damage, loss or failure to store any Uploaded Data.
The Customer and/or User are fully liable for the legality of all Uploaded Data stored by the Customer and/or User on the Service. Furthermore, the Customer and/or User is fully liable if such Uploaded data is infringing upon third party rights, and accordingly agrees to indemnify eXo for all claims and losses related to such infringement and/or illegality.
If eXo on its own or through any third party has notice that Uploaded Data stored by the Customer and/or User is in violation of any law or infringes third party rights, eXo shall have the unfettered right to, without liability to the Customer or User, immediately suspend access to such data without prior notice to the User or Customer. The Customer and/or User may be notified by eXo of any such action under this Section, when reasonable and possible.
For eXo Cloud Premium Accounts, the administrator shall have control over all applicable Uploaded Data submitted to the Service, and all Uploaded Data will be deemed to be owned by and the property of the applicable employer. Upon request by the applicable administrator, eXo may remove, modify, edit or otherwise alter any applicable Uploaded Data.
You own your data and have full responsibility over it. We have developed a full-featured social intranet where knowledge can be shared in real time. We value knowledge and we are sure you do as well. Your ownership of your data is at the core of our Platform and you not owning your data would go totally against what we are working for.
However, we do protect ourselves against illegal activities. While we have no way to know what data will be hosted, it wouldn’t be cool for us if Walter White and Jesse Pinkman decided to host their lab recipes on our service.
Refer also to the privacy terms of eXo Cloud for how we handle user details but rest assured, we use your identity to improve the services you subscribed for.
2/ eXo Platform Product Design and Access Controls
Security in Platform 4 has been designed for fine-grained access control. It’s role-based and can be set at different levels.
Intranet admins can widen or narrow access rights on documents as they see fit. They are able to define new groups of people and give them specific rights. And they can define access rights on space levels to restrict access to certain parts of the intranet.
On a lower level, space admins can set different access permissions on the data they own so they can secure them or make them public. By default, documents in a space will be accessible by members of the space. Space admins can decide to let others openly join a space or to validate each request to join.
On a user level, each user has a private storage drive in addition to a public drive (open to all other users of the intranet or workspace).
Also, and this has been a very important point for our customers, we are open source. Our customers are free to look at our code and check there are no ways outsiders could access their data. With recent events, I’m wondering why companies would still choose to share their value inside closed-source enterprise software. In such systems, there is no way to know what they can do with your data.
3/ Relying on Amazon Expertise for a Secured Cloud Service
On an infrastructure level, documents are stored via Amazon EBS and S3. Amazon expertise guarantees a secure cloud service. I’m not technical enough to go into details but this was an important check point before deciding to go with Amazon for eXo Cloud. You can find more information on Amazon website.
If you want to learn more about our security processes and the ways eXo Cloud processes your data, do not hesitate to ping us on the community website.