Caag Software offers a cloud-based information management software solution. Helping to protect the confidentiality, integrity, and availability of our customers’ information and data is of utmost importance to our company, as is maintaining customer trust and confidence. This document is intended to answer questions such as, “How does Caag help me protect my data?” This document provides an overview of security as it pertains to the following areas:
In order to take full advantage of our web (browser) based software we offer a cloud-based solution. This means that all information is stored in a data center (Tier 3) and is accessible from any location with Internet access. At this point in time, Caag uses Linode for the storage of our customers’ data and Amazon S3 for file storage. We guarantee a 99.9% uptime, which can be monitored here: https://status.caagcrm.com/
In order to gain access to the Caag software an account needs to be set up. This provides the user with a username and password. It is the responsibility of the user to make sure this username and password combination does not fall into the wrong hands.
As an additional security measure, all passwords are stored via a one-way hash algorithm. This turns any amount of data into a fixed-length “fingerprint” that cannot be reversed. It also has the property that if the input changes by even a tiny bit, the resulting hash is completely different. This is great for protecting passwords, because we want to store passwords in a form that cannot be turned back into the original password, but at the same time, we need to be able to verify that a user’s password is correct.
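The store-and-verify flow described above, as an added example that is not Caag's own code. The page does not name the hash algorithm, so PBKDF2-HMAC-SHA256, the iteration count, the salt size and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumed parameters; the page does not state the algorithm or its settings.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn unless one is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length digests differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed sample passwords, differing in the final character only.
    salt, stored = hash_password("correct horse battery staple")
    print("digest length in bytes:", len(stored))
    print("right password accepted:",
          verify_password("correct horse battery staple", salt, stored))
    print("near-miss accepted:",
          verify_password("correct horse battery stapld", salt, stored))
    _, near = hash_password("correct horse battery stapld", salt)
    print("bits changed out of 256:", differing_bits(stored, near))
```

Only the salt and digest are stored; verification repeats the hash on the submitted password, so the original password is never needed again.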
Two-Factor Authentication (2FA)
With regard to the Caag software, two-factor authentication refers to a username & password combination and a token device. Users can set up 2FA in their user profiles. We recommend adding this extra security layer when working with sensitive data.
Caag implements the latest methods and structures to keep the Caag infrastructure secure and free of intruders.
Each client’s information is stored in a separate database, one for each client. This also lets us move a client completely to its own server. All files that are uploaded are stored on the server without the proper filename. Only the tenant database has the filename and the proper metadata.
Connections between the servers and Caag system administrators are always encrypted, require the strongest passwords, and have Two-Factor Authentication enabled.
Our server uses a firewall that only allows traffic on port 80 (HTTP) and port 443 (SSL) to go through.
To log in to the server a special certificate is required, which is strictly in the possession of Caag management. It is not possible to log in with a username & password. Logging in as administrator is also disabled. Once logged in, you are required to “upgrade” your login status to administrator via an additional password.
Backups & Redundancy
We offer complete redundancy of your databases, which means that your data is always on at least two different servers at any time. In addition, we make a full backup every 2 hours of all databases between 5AM and 9PM based on your region and time zone. The system logs are backed up daily.
Caag stores the database backups indefinitely and we offer the option to send automatic backups to a customer’s Dropbox account in real-time. Caag saves all files that are uploaded to the system to Amazon S3 and a backup to Dropbox. These backups can also be sent to the customer’s Dropbox account in real-time.
Caag implements the latest SSL encryption methods and applies advanced encryption to all communication between Caag, third parties and end users.
Caag uses a third-party service to send and receive emails into the system through a shared account / IP address. We make every effort to avoid being “blacklisted” by the most popular email services. Users can request a dedicated IP for an extra monthly cost.
If you have any questions or concerns regarding the security of your data, please contact us at email@example.com