Your data needs the best protection

Strict security standards according to GDPR

Stackfield meets all data protection requirements set out in the General Data Protection Regulation - and even beyond. This page introduces you to our security measures - for a quick overview of key privacy policy issues, you can click on the questions below to learn more about each topic:

How does Stackfield protect your data?

1. Step
Two-Factor Authentication

In order to strengthen the security of your account at the login, you can activate the two-factor authentication. Should your password be compromised, this will prevent a login by unauthorized persons.

Using a YubiKey additionally secures the access to Stackfield and helps to verify the user.

2. Step
End-to-End Encryption

RSA-2048 & AES-256

Our unique End-to-End Encryption encrypts your data by using a unique combination of AES and RSA algorithms. For the encryption with AES a key length of 256 Bits is used, while the RSA encryption takes place with a key length of 2048 Bits. Hereby all relevant data are de- and encrypted directly in the browser. In this way, we ensure that no unauthorized persons - not even we as platform provider - can decrypt or view your data. All relevant data are thus transferred encrypted to our servers and stay encrypted all in rest.

Each data room is encrypted separately with an automatically generated password. The user does not need to remember these passwords to access the data of the data room - the standard login password serves this need.

Which data is encrypted in encrypted rooms?

Communication

Text messages

Discussions

Title
Description
Comments

Files

File Contents

Tasks

Title
Description
Subtasks
Description of time entries
Comments

Snippets

Title
Code

Documents

Title
Description
Comments

Events

Title
Agenda
Location
Comments

3. Step
Highest SSL standards

All data are encrypted with our end-to-end encryption, but additionally we encrypt all data and personal information on the transit with the newest SSL encryption technologies, a 256-bit AES SSL/TLS encryption.

4. Step
Server located in Germany

Stackfield’s server are located in Germany. Therefore we meet the European Data Protections Directives. This means for example that you can save files with sensible customer data without violating the laws.

5. Step
Offsite Backups

All data are saved in high security data centers. Automatic online backups prevent data loss in any disaster like theft, virus attack, hardware failure or natural disaster. Your data will always stay encrypted, the backup does not change that.

6. Step
ISO 27001-Certified Data Centers

All data centers are ISO 27001 certified and protected by video and guards 24 hours a day and 365 days a year. The data are stored redundantly in all data centers. Besides these protective measures our data centers are equipped with emergency electrical power supply.

Supporting Security Features

Data Processing Agreement

Concluding the necessary agreement regarding the GDPR can be done with a few clicks.

Penetration Testing

Stackfield regularly conducts penetration tests to protect the platform from attackers and vulnerabilities.

Employees trained in Data Protection

Stackfield's employees are specially trained in data privacy and security.

Certified Mobile Apps

Stackfield Mobile Apps have been reviewed by APPVISORY and certified as Trusted App

Redundancy of the systems

The data of our users are stored multiple times mirrored, so that even with hardware failures no data gets lost.

Two-factor authentication required

To protect the data, it can be centrally determined that only a access with active two-factor authentication is possible.

Single Sign-on

For easier use of Stackfield, single sign-on can be implemented, which automates the management of users.

User Provisioning via API

Adding and editing of users can be done using the API of Stackfield.

Reporting on Employee Logins

The reporting feature shows when employees last logged on to Stackfield.

Reporting about changes of the organization settings

To track changes of an organization's settings, they are collected and displayed in a report.

Export of all personal data

All users are able to create an export of the respective personal data uploaded to Stackfield.

Export of organization data for administrators

The selected options of the organization settings can be downloaded and saved by the administrators.

Access restrictions by IP addresses

Access to the data of an organization can be limited to certain IP addresses by using the IP white list.

Login notifications when using unknown device

As soon as a login on an unknown device takes place, users receive an e-mail notification directly.

Access log for each account

Each user can track exactly on which devices and via which IP addresses an access to their own account has taken place.

Password Policies

Precise rules on the strength and frequency of changing the password provide a high level of protection against unauthorized access.

Compliance rules for each organization

Within an organization and the rooms, it is possible to determine who is entitled to which in-person access or to make changes.

Service level agreements regarding availability

Stackfield is focussed on a high availability of the platform and assures it through a service level agreement.