VIINDOO SERVICE LEVEL AGREEMENT

Databases that are stored on Viindoo.com always earn the following services:  
                   

          Back to top

     Continuous uptime – 99,9%

    • Customer databases are stored in many different locations over the world.  

    • Each customer database is backed up in real time on a backup storage that is located in the same data center.

    • We partner with various hosting providers all over the world, always ensuring at least 99.9% uptime.

    • So we can guarantee 99.9% monthly uptime (excluding planned maintenance) *

    • This corresponds to a non-planned downtime of up to 45 minutes/month.

    • We usually offer much better uptime than this (100% most months), as our providers always offer much better uptime than their Service Level Agreement.

* These metrics refer to the availability of the platform we offer to all customers. Individual databases may be temporarily out of availability for specific reasons, often related to customer actions or customizations.

            Back to top

      High availability

    • Our data centers are Level III certified or equivalent, with N+1 backups for power supplies, networks, and cooling systems.

    • Each customer database is backed up in real time on a backup storage that is located in the same data center, therefore, a backup switch can occur quickly in the event of a hardware error without losing data.

           Back to top

Disaster backup and recovery 

A disaster can be any unexpected malfunction that leads to a slowdown, disruption or breakdown in the main system or network. These incidents can be caused by natural disasters (such as fires, earthquakes, hurricanes...), technological errors, destructive behavior, incompatibility or human error.

    • We keep 14 full backups of each Viindoo database for up to 3 months: We fully back up your data every 24 hours. In every week, a full daily backup (no later than that week) will be promoted and considered a weekly backup. In every month, the latest weekly backup will be promoted to a monthly backup (see simulation).

    • Backups are located in at least 02 different data centers.

    • You can manually download backups of your data at any time using the control panel. 

    • You can contact our Helpdesk to restore any backups in your current database

    • For disasters that affect only one server, our disaster recovery plan has the following metrics:

      • RPO (Recovery Point Objective) = 24 hours, i.e. it might take up to 1440 minutes of work

      • RTO (Recovery Time Objective) = 02 hours, i.e. the service will be back to online after up to 120 minutes (Include standby time + DNS transfer time). It might take longer if the customer's data is large.

    • Disaster recovery: in the event of a complete disaster and the data center has temporarily shut down for a long time, preventing the transition to our emergency backup mode (which has never happened, this is the plan in the worst case scenario), we have the following objectives :

      • RPO (Recovery Point Objective) = 24 hours, i.e. you can take up to 1440 minutes of work if the data cannot be restored and we need to restore your latest daily backup. 

      • RTO (Recovery Time Objective) = 04 hours for paid subscriptions, 08 hours for free trials, etc. This is the time to restore service in another data center if a disaster occurs and the data center completely shuts down. 

      • How this is accomplished: we actively monitor our daily backups, and they are replicated in multiple locations across different countries. We have automatically redundancy to deploy our services at a new storage location. Data recovery based on our backups from the previous day can then be performed after a few hours (for the largest clusters), preferring paid subscriptions. We regularly use both daily backups and scripts that provide daily operations, therefore, both parts of the disaster recovery process are checked at all times.  

           Back to top

Security

Your data security is vital to us and we design our systems and processes to ensure that data. Here are some highlights:

    • SSL - All web connections to customer devices are protected by 256-bit SSL encryption (HTTPS with 2048-bit modular SSL certificates) and run behind an A-class SSL stack. All of our certificate chains are using SHA-2. 

    • Reliable platform - Servers with full hardware assurance, backup data storage, networks, and power supplies. 

    • Password - Customer's passwords are protected by PBKDF2 + SHA512 encryption according to industry standards.

    • Secure system - Our servers are running the latest Linux distributions with updated security patches, with anti-intrusion firewall and measures.

    • Do not share data - Customer data is stored in dedicated databases - no data is shared between customers and not accessible from one database to another.

           Back to top

Database security 

    • Customer data is stored in dedicated databases - no data is shared between customers 

    • Data access control rules perform completely separately between customer databases running on the same cluster, which is not accessible from one database to another.

           Back to top

Password security

    • Customer's password is protected by PBKDF2 + SHA512 encryption.

    • Viindoo employees do not have access to your password and cannot retrieve it for you. If you lose/forget your password, you will need to reset it.

    • Login information is always transmitted securely over HTTPS. 

           Back to top

Helpdesk

    • Viindoo Helpdesk staff may ask to use your account to access the relevant settings or ask you to create a decentralized support account with documentation related to the issue that you requested to be supported. At the end of the support process, you need to change the password or archive the support account. 

    • Our Helpdesk staff strives to respect your privacy as much as possible and access only the files and settings necessary to diagnose and resolve your issue.

           Back to top

System security 

    • All Viindoo Cloud servers are running the latest Linux distributions with up-to-date security patches. 

    • Only some trusted Viindoo engineers have remote server management permissions – and can only access using an encrypted personal SSH key pair, from a computer with full disk encryption. 

           Back to top

Physical security

Viindoo Cloud servers are stored in reliable data centers in various locations over the world, and they all must ensure our physical security criteria: 

    • Limited access, only physical access by authorized data center staff. 

    • Physical access control with security cards or biometric security.   

    • Security cameras monitor data center locations 24/7. 

    • Security guards on site 24/7. 

           Back to top

Information connection security    

    • All web connections to customer versions are protected by modern 256-bit SSL encryption. 

    • Our servers are strictly protected and always fixed the latest SSL gaps, always earned an A-rated SSL rating at all times. 

    • All of our SSL certificates use a 2048-bit module with full SHA-2 certificate chains.

           Back to top

Network security

    • All data center providers used by Viindoo Cloud have very large network capacity and have designed their infrastructure against the largest "Distributed Denial of Service (DDoS)" attacks. Their automated and manual mitigation systems can detect and redirect attack traffic at the edge of the multi-intercontinental network, before it can affect the availability of the service provided. 

    • Firewall and intrusion prevention systems on Viindoo Cloud servers help detect and block all threats such as password attacks. 

    • Customer database administrators can optionally configure speed and timeout limits for repeated login attempts.

           Back to top

Independent security checks  

Viindoo is regularly checked by independent companies hired by our customers and prospects to perform system intrusion testing. Viindoo Security Team receives results and takes appropriate remedies whenever necessary. 

However, we cannot disclose any of those results because they are confidential and belong to those in authority. Please don't ask.

           Back to top

Any questions? Contact us

If you have questions about Viindoo Service Level Agreement, our data processing activities or your transactions with this website, you can contact the Data Privacy Officers

   



Website is owned and operated by Viindoo.

Last modified date: February 25, 2021