Data protection & IT security

Modified on Wed, 18 Dec at 6:04 PM

In this article, you will find an overview of key measures and procedures in place to minimize and protect user data at Power-user.







Data collection


Power-user does not collect sensitive data

We strongly believe that the best way to protect data is to avoid sharing any data that is not essential. For this reason, Power-user was designed to collect only minimal data:

  • Power-user does NOT collect user passwords.
  • Power-user does NOT collect any documents or content users are working on.
  • Power-user does NOT collect sensitive data such as racial or ethnic origin, sexual orientation, health, political opinions, religious or philosophical beliefs.


Power-user does not even have access to documents you add to your Library

Admins of Power-user licenses integrate corporate resources in the Library (in particular PowerPoint presentations or Excel spreadsheets).


By default, Power-user does NOT need access to such files in order to integrate them, and Power-user will only know the link and name of the files. The files will be pulled locally from the given link on your system where they are stored, as illustrated below:

Power-user shared libraries diagram



Data collected by Power-user

Of course, we still need some data to make our application work, manage licenses and provide the appropriate level of support. We do collect:

  • Data about the user: the Windows user name, email address, organization name and domain and job title, as well as user settings.
  • Technical data: license key; software version and license type for Power-user and Microsoft 365, dates of installation/validity, logs.
  • Usage data to understand how the application is used.


Why we still need some data, and how we use it

The data Power-user collects is needed for the following purposes: 

  • License management: managing the validity of licenses, allowing, controlling and revoking access, transferring licenses to new devices, and allowing admins to do the same from their administration portal.
  • Support: providing relevant support to user emails and tickets, informing users about key events related to their license, and providing them with appropriate documentation.
  • Billing: quantifying license consumption and validity, and meeting regulatory obligations.


Data is protected both contractually and technically 

Any data we collect and use is contractually protected by our Data Privacy Policy and License agreement.


We also have technical measures and procedures in place to protect data from threats, as described below.



Other assurances on user data


Power-user is listed on the Microsoft Store and Microsoft Azure Marketplace, after undergoing a Microsoft process including different reviews, scans and tests from the Microsoft teams.


Scans can be run on third-party software websites like VirusTotal, compiling security reviews from multiple vendors and showing Power-user as safe to use.


We can also share multiple credentials from clients in industries with very high security standards, like defense or payments/banking.


Finally, we can give IT teams access to a test version of Power-user to be tested and analyzed before deployment.





Data protection measures and procedures


The goal of our Information Security Program is to ensure the protection of all information, including client data, intellectual property, and internal systems. This program is designed to meet industry best practices, comply with relevant laws, and instill confidence in clients regarding the security of our software development processes. 


Risk assessments

  • A risk assessment is performed at least annually, to identify potential threats, vulnerabilities, and areas of improvement.
  • All assets, tools and applications used at Power-user are mapped and classified based on purpose, sensitivity and risk.


Data Encryption

Our client data is hosted at OVH in France, and fully encrypted:

  • Data in transit is encrypted with TLS (Transport Layer Security)
  • Data at rest at OVHCloud is also encrypted, with full disk encryption using LUKS2 with the encryption standard AES-XTS-Plain64 and a 512-bit key. Each volume is encrypted with a unique, ephemeral key that is destroyed when the instance is terminated. Additionally, backups are encrypted using AES-256 in CTR mode, with integrity ensured by HMAC-SHA256.

OVHCloud has the following certifications: ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27017, ISO/IEC 27018, HDS, SOC 1 type 1, SOC 2 type 1, CSA type 1, C5 Type 1.

More information can be found on the OVHCloud website.


Emails and tickets are also encrypted: with AES 256-bit encryption for data at rest, and with HTTPS using TLS 1.2 for data in transit.


All company laptops are encrypted with BitLocker.


Backup

All client data, documents, emails and tickets are secured by backups.


Access control

  • Access to our offices is physically restricted to authorized personnel only, monitored and logged with 24/7 video surveillance.
  • Role-based access control (RBAC) ensures employees only have access to systems necessary for their roles.
  • All devices are password-protected.


Security Awareness Training

  • All new hires undergo security orientation as part of their onboarding.
  • Regular security awareness trainings or communications are conducted to identify potential threats, vulnerabilities and areas of improvement.


Network security

  • Propagation risk is mitigated by the absence of an internal network.
  • Updates and patches are regularly installed on software and hardware to protect against known vulnerabilities.


Application security

  • Secure coding practices are being implemented, such as input validation and proper error handling. 
  • Code reviews are conducted to reduce vulnerabilities in software development.


Continuous improvement

  • We foster a culture of continuous improvement by incorporating feedback from audits, employee input, and evolving security practices.
  • We stay informed of emerging threats and security technologies to ensure the program remains effective and relevant.

 
