Stackfield meets all data protection requirements in accordance with the General Data Protection Regulation and even beyond. This page will introduce you to our security measures. The following links will provide you with a quick overview of the most important topics concerning the GDPR.
In order to strengthen the security of your account during login, you can use the two-factor authentication. If your password is compromised, this will prevent third party access to your account.
It is possible to additionally secure the authentication and verify the user by using a YubiKey.
Stackfields servers are located in Germany. Therefore, the use of Stackfield is compliant with European data protection law. That means you can also store customer data in the cloud without violating regulations.
Our end-to-end encryption protects data using a unique combination of AES and RSA algorithms. AES encryption comes with a 256-bit key length, while RSA encryption uses a 2048-bit key length. The encryption and decryption of the data takes place in the user's browser. In this way, we ensure that unauthorized parties can neither decrypt nor view the data - not even Stackfield being the software provider can do that. In other words, all relevant data is transferred securely encrypted to our servers where it stays encrypted all in rest.
Each data room is separately encrypted with an automatically generated password. Users do not need to remember these passwords to access data in their data rooms. A user receives the password after becoming a room member. Henceforth, the synchronization takes place automatically in the background.
What data is encrypted in encrypted rooms?
All relevant data is encrypted with our end-to-end encryption. Additionally we encrypt all data and personal information on the transit with the newest SSL encryption technologies, a 256-bit AES SSL/TLS encryption.
All data is stored in high security data centers. Automatic online backups prevent data loss in emergency situations caused by theft, virus attacks, hardware failure or natural disasters.
All data centers are ISO-27001 certified. They are protected by guards and video monitored 24/7, 365 days a year. Each data center has an emergency power supply and stores all data redundantly.
You can conclude the agreement required due to the GDPR with a few clicks.
Stackfield regularly conducts penetration tests to protect the platform from attacks and security breaches.
Stackfield's employees receive special training on data privacy and security.
Stackfields mobile apps have been tested and certified as Trusted App by APPVISORY.
The data of our users is stored multiple times mirrored, to ensure that it won’t be lost even in case of hardware failures.
To additionally protect the data, you can define centrally that access is only possible with active two-factor authentication.
For ease of use you can use the single sign-on for Stackfield, which automates user management.
Adding and editing of users can be done using the API of Stackfield.
The reporting feature shows when employees last logged in to Stackfield.
To track changes of an organization's settings, they are collected and displayed in a report.
All users are able to create an export of the respective personal data uploaded to Stackfield.
The selected options of the organization settings can be downloaded and saved by the administrators.
Access to the data of an organization can be limited to certain IP addresses by using the IP white list.
As soon as a login on an unknown device takes place, users receive an e-mail notification directly.
Each user can track exactly on which devices and via which IP addresses an access to their own account has taken place.
Precise rules on the strength and frequency of changing the password provide a high level of protection against unauthorized access.
Within an organization and the rooms, it is possible to determine who is entitled to which in-person access or to make changes.
Stackfield is focussed on a high availability of the platform and assures it through a service level agreement.