An overview of security measures and "privacy by design" approaches and best practices employed by Co. Society to protect both client infrastructure and end user data.
Co. Society emphasizes security and privacy, adhering to industry best practices to ensure our clients' digital safety. This article outlines our robust security measures and privacy-focused practices, demonstrating our commitment to a secure client experience.- Single-Tenant Architecture: Isolates each client's resources, enhancing security and reducing cross-client vulnerabilities.
- Dedicated Resources: Implements separate APIs, application gateways, and unique public IPs for each client, minimizing network vulnerabilities and DDoS risks.
- A+ Security Rating: Our platform achieves an A+ security rating, reflecting our adherence to the highest web security standards.
- No Azure or Google Workspace Permissions Required: Our app operates without needing specific Azure or Google Workspace permissions from clients, minimizing the risk of unauthorized access. However, for organizations opting to use Microsoft Office 365 authentication with the Co. Society desktop app, a one-time consent for two specific permissions ('openid' and 'profile') by an Azure Admin is required. This exception is solely for enhancing security and personalization for users choosing this sign-in method.
- Enhanced Desktop Application Security: Co. Society’s desktop application offers superior security over browser-based alternatives. By leveraging the inherent security features of Windows, such as integrated authentication and local data storage, our app provides an additional layer of security against common web vulnerabilities. This approach significantly reduces the attack surface, offering our clients a more secure environment for their sensitive data and operations.
- Secure Authentication: Leverages the Azure Identity Experience Framework for secure and private authentication processes.
- Limited Data Collection: Collects only essential client data, aligning with privacy regulations and minimizing data breach impacts.
- Non-Persistent Messaging: Stores messages only during user sessions, enhancing privacy and reducing data breach risks.
- Superior Security with Minimal Third-Party Dependencies: Reduces reliance on third-party components, offering robust defence against external threats.
- End-to-End Encryption for All Communications: Ensures comprehensive encryption for all communications, safeguarding against unauthorized access.
- EU-Based Infrastructure: EU-Based Infrastructure and Compliant Data Processing: Co. Society utilizes EU-based infrastructure and collaborates with partners under Data Processing Agreements (DPAs) that adhere to GDPR standards for enhanced data protection. All client data is processed and stored in strict compliance with EU's stringent privacy laws through standard contractual clauses, ensuring our unwavering commitment to data security and client privacy.
- Regular Security Updates and Monitoring: Continuously updates and monitors systems to address new vulnerabilities and threats.
- Secure Client Infrastructure with Backups: Ensures the security of all client infrastructure through comprehensive backup strategies, protecting against data loss and facilitating quick recovery in the event of an incident.
- Anonymized Data for Analytics: Ensures that all end user data collected for analytics purposes is anonymized, affirming our stance against performance or time tracking without explicit user consent.
This content is subject to change as our product and security practices evolve. For further information and documentation on Co. Society's security measures, client infrastructure, and best practices, please contact Co. Society directly. Our team is dedicated to providing transparent and effective security solutions to meet the needs of our clients in a rapidly changing digital world, always prioritizing their security and privacy.