Safety & Security
How do we ensure your data protection?
At Woodpecker.co we deeply care about our users’ data security. We realize it is essential to earn your trust, which is why we do what we can to make Woodpecker the safest place possible. We implement a variety of security measures to maintain the safety of all personal information you provide us with. In this Safety & Security section you will find information on how we protect your data and how the servers that process it are protected.
Excluding off-site backup, Woodpecker is hosted on the servers of OVH (one of the 3 best internet hosting companies in the world). Our OVH servers are located in France and in Canada.
2. Sensitive/credit information security
Your account is protected by a password for your privacy and security. You are responsible for preventing unauthorized access to your Woodpecker account and all the personal information by selecting and protecting your password appropriately and by limiting access to your computer or device and browser by signing off after you finish accessing your account. We outsource payment processing to ensure the highest standard of safety. We decided to use Braintree as one of the leading solutions for payment collection. To assure the safety of your sensitive/credit information, we use a secure server. All supplied sensitive/credit information is transmitted via Secure Socket Layer (SSL – a technology which ensures privacy by generating an encrypted link between web server and browser) and then encrypted into our payment gateway provider's database, where it is accessible only to those authorized with special access rights to such systems, who are required to keep the information confidential. After a transaction, your private information (credit cards, passwords, financials, etc.) will not be stored on our servers.
3. Passwords at Woodpecker.co
All passwords to Woodpecker accounts are protected with RSA 2048 encryption. Our personnel is unable to access your email account passwords, unless you explicitly share such data with them. To make sure your information is transmitted via SSL, you should see a green closed padlock by the HTTPS connection in your URL bar at all times. You can learn more about SSL in this video made by SSL.com themselves.
4. Backups & infrastructure security
Woodpecker uses: a. triple encrypted data backup; b. protection against DDoS attacks; c. a firewall; d. private IP addresses. Database dumps take place every hour and the data stored on WWW hosting is copied every 6 hours in order not to lose any of the data provided by our users. We want to minimize the situations in which the data that a user is adding to Woodpecker is not saved due to a sudden update of the infrastructure, which is why the infrastructure updates take place only when necessary. What is more, the Woodpecker team makes sure that all additional actions are taken to maintain a secure infrastructure and application environment, which is why we cooperate with a group of experienced admins who monitor system activity 24 hours a day, 7 days a week. We have implemented an effective disaster procedure that ensures that we are able to detect and recover data in case of most errors.
Physical security of servers & data centers
The data centers are under 24/7 security, constant maintenance, constant registered monitoring, and movement detection. All areas are protected with fences equipped with barbed wire, which enables only authorized personnel to enter the data centers and react immediately to any emergencies.
We take the safety of your information very personally, which is why we work within and implement the regulations of the ISO 27001 data safety management system on a daily basis. Currently, we are in the process of confirming our actions to maintain security and safety of our users’ data by having them certified.
System status security
We are extremely proud of the very small number of incidents that have caused any breaks in access to Woodpecker. We are not ashamed of any difficulties that occurred in the past, which is why we keep the history of our system status publicly available. In case of any issues in the future, we make sure to constantly monitor the status of our system and inform our users of any problems. You can take a look at the current status of the system on our System Status page and even subscribe to email updates, which will inform you of any issues or planned maintenance breaks if they ever take place.
Compliance with Google API Services Policy
Our use and transfer to any other provider of information received from Google Accounts will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Disaster Recovery Policy
This policy explains a baseline disaster recovery plan and timeline implemented by Woodpecker. It shall guarantee transparent and reliable system functioning. This policy shall have an informative character for all customers (in particular when it comes to risk assessment and data safety).
This policy applies to the Woodpecker application available via https://app.woodpecker.co/ and shall affect data stored by Woodpecker.co once aggregated through the application. This policy details the strategy Woodpecker has put in place, and maintains, to risk assess Disaster Recovery (DR) requirements and to develop, implement and regularly test the solution aimed at providing an appropriate response for each service depending on its identified criticality. For the purpose of this Policy, disaster shall mean a serious incident that cannot be managed within the scope of Woodpecker’s normal working operations.
Woodpecker uses security measures which ensure a high standard of data safety – you can read more about it here. Our disaster recovery is based upon the operational ability of the vendor which delivers servers, administrators' monitoring and in-house procedures. Woodpecker stores its data on OVH hosted servers – ISO certified (ISO 27001). The vendor ensures that, apart from ISO compliance, each hosting center is located within secure facilities with limited access. Storage centers are located within 60 km distance from each other to limit risk concerning geolocation. We shall not reveal the detailed location of data storage centers due to security reasons.
When disaster recovery procedures are applied, Woodpecker shall use online replicated data that shall be installed on backup servers. We use Ansible to extract data to a new server (this being a 1 to 1 copy), and we use Proxmox Templates to create a new VM in our infrastructure. We are prepared to ensure full traffic redirection in case of any system malfunctioning. Full recovery time shall not exceed 6 hours in case of a full database breakdown. Precise recovery time depends on the severity of damages and may differ, but shall not exceed the mentioned 6 hours.
The Woodpecker application shall be under constant monitoring and control checks concerning working fluency. We ensure that our Dev team shall maintain and react if necessary in case of downtime. Furthermore, our day-to-day network checks are performed by external Administrators who ensure secure backup storage and perform tests concerning data restoration. We create a backup every 6 hours to secure data. If there is anything that affects the functionality of our application, Woodpecker shall update its status page or notify customers, provided that there is such technical and business possibility, and inform about the foreseeable time of recovery and damage restoration.
If you need any precise information that may address your risk assessment needs, feel free to contact our Data Protection Officer via firstname.lastname@example.org.
Check our Vulnerability Disclosure Program
All the data you provide us with will be processed by: Woodpecker.co sp. z o.o. (LTD) residing in Europe – Poland – Wroclaw 29D Krakowska STR, zip-code: 50-424 in a way that is crucial to agreeing on a contract, as well as its fulfillment. Transaction data, including personal data, can be transferred for the benefit of: PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal L-2449, Luxembourg on the terms that will be beneficial to service connected to order payments.