Data processing (i.e., storage, disclosure through transmission, use, etc.) occurs exclusively on servers in the EU - unlike competitors, this also includes telemetry data. Data storage takes place in German data centers.
Stackfield only uses subcontractors, e.g. for hosting or sending emails, which are based in the EU and over which no control can be exercised from outside the EU.
As a German company, Stackfield is exclusively subject to German and European jurisdiction. This means at the same time that laws from EU third countries, such as the Cloud or Patriot Act from the USA, cannot be enforced.
Stackfield does not use any external tracking tools, such as Google Analytics or IP address based services - the data collected is processed exclusively by Stackfield.
To support our customers' data protection compliance, deletion rules are available from the Premium package onwards to ensure that all deletion deadlines are met without administrative effort.
The certification shows that Stackfield GmbH has considered the topic of information security in all areas, processes and scenarios, no matter if customer support or disaster case, and has implemented adequate solutions for any risks.
These measures reflect our commitment to meeting the highest standards of information security.
Due to the real end-to-end encryption all relevant contents are encrypted by AES and RSA algorithms. This way we ensure that no one except you and the people included in a workspace have access to your data.
Our end-to-end encryption protects data using a unique combination of AES and RSA algorithms. AES encryption comes with a 256-bit key length, while RSA encryption uses a 2048-bit key length. The encryption and decryption of the data takes place in the user's browser. In this way, we ensure that unauthorized parties can neither decrypt nor view the data - not even Stackfield being the software provider can do that. In other words, all relevant data is transferred securely encrypted to our servers where it stays encrypted all in rest.
Step 3 End-to-End EncryptionRSA-2048 & AES-256 Our end-to-end encryption protects data using a unique combination of AES and RSA algorithms. AES encryption comes with a 256-bit key length, while RSA encryption uses a 2048-bit key length. The encryption and decryption of the data takes place in the user's browser. In this way, we ensure that unauthorized parties can neither decrypt nor view the data - not even Stackfield being the software provider can do that. In other words, all relevant data is transferred securely encrypted to our servers where it stays encrypted all in rest. Each data room is separately encrypted with an automatically generated password. Users do not need to remember these passwords to access data in their data rooms. A user receives the password after becoming a room member. Henceforth, the synchronization takes place automatically in the background.
All data is transferred between your device and our servers using 256-bit AES SSL/TLS encryption.
Automatic offsite backups prevent data loss in states of disaster due to theft, virus attack, hardware failure, or natural disaster.
All data centers used are ISO 27001 certified and have redundant data storage.
You can conclude the agreement required due to the GDPR with a few clicks.
Stackfield regularly conducts penetration tests to protect the platform from attacks and security breaches.
Stackfield's employees receive special training on data privacy and security.
Stackfields mobile apps have been tested and certified as Trusted App by APPVISORY.
The data of our users is stored multiple times mirrored, to ensure that it won’t be lost even in case of hardware failures.
To additionally protect the data, you can define centrally that access is only possible with active two-factor authentication.
For ease of use you can use the single sign-on for Stackfield, which automates user management.
Adding and editing of users can be done using the API of Stackfield.
The reporting feature shows when employees last logged in to Stackfield.
To track changes of an organization's settings, they are collected and displayed in a report.
All users are able to create an export of the respective personal data uploaded to Stackfield.
The selected options of the organization settings can be downloaded and saved by the administrators.
Access to the data of an organization can be limited to certain IP addresses by using the IP white list.
As soon as a login on an unknown device takes place, users receive an e-mail notification directly.
Each user can track exactly on which devices and via which IP addresses an access to their own account has taken place.
Precise rules on the strength and frequency of changing the password provide a high level of protection against unauthorized access.
Within an organization and the rooms, it is possible to determine who is entitled to which in-person access or to make changes.
Stackfield is focussed on a high availability of the platform and assures it through a service level agreement.