logo
  • Focus on infrastructure and System Security

    The tchop platform is hosted by Amazon Web Services (AWS) , which complies to ISO 27001 and SSAE-16 standards, ensuring full data security. All information is encrypted using TLS 1.2 and PFS, security incidents are reported to our security team 24/7 and access to the tchop production servers is restricted. We do daily backups and have a contractually binding uptime of 99.9%.

  • European servers

    tchop servers are located in Europe. Amazon Web Services facilities are compliant to ISO 27001 as well as SSAE-16 certification.

  • Secure Architecture

    Our platform architecture is designed to minimize the risk of a security breach by permitting access to the minimal required systems only, while other systems, such as database servers, are only accessible internally. All traffic to our application servers is routed through our proxies and gateways. All other systems in our data centers never have direct access to the Internet - neither inbound nor outbound.

  • Protection

    Our network is protected by redundant layer-4 firewalls, secure HTTPS-transport communication over public networks, VPN only access to our production and testing systems and key-based authentication for system administrators for maintenance purposes.

  • Security Incident Event Management

    A security incident event management (SIEM) system gathers all available logs from our systems to analyze these for correlated events. The SIEM system notifies the tchop team about the event, so that the team can respond quickly.

  • DDoS Protection

    Distributed Denial of Service (DDoS) is mitigated by our hosting provider Amazon Web Services. "AWS Shield" provides always-on detection and automatic inline mitigations that minimize application downtime and latency. You can find more info  

  • Access

    Access to the tchop production environment is restricted to the core operations team. This includes frequently auditing and monitoring the accesses. All productive systems are secured by VPN and require key-based authentication.

  • Encryption in transit

    All communication of our systems over public networks is encrypted using HTTPS with Transport Layer Security (TLS 1.2) and Perfect Forward Secrecy (PFS). We disabled SSLv3 on all systems to prevent security breaches.

  • Encryption at rest

    All user passwords are encrypted by using best-practice one-way hash functions to minimize the impact of a data breach.

  • End-to-end encrypted chat

    We use a secure end-to-end AES 256 and TLS 1.2 encryption for our chat. All chat messages and chat history are also stored fully encrypted on European servers only. For the technical implementation we use infrastructure and servers of Pubnub  https://www.pubnub.com

  • Uptime

    We guarantee a minimum 99.9% uptime for the tchop platform.

  • Redundancy

    We do backups of all relevant systems in daily frequency and store these backups up to a month for restoring based on identified incidents. Also, all productive services of the tchop platform run at least in dual-mode to provide a fast performing failover. Our development team is equipped with plans for different scenarios and therefore is able to regain data in cases of emergency.

  • QA

    We perform automated tests on our code base in order to ensure a maximum level on QA. Also, we follow a test-driven development approach and peer-review all code changes that are submitted to the code base by our team.

  • Secure environments

    We work with testing and staging systems that are logically separated from production systems, so that we can rollout and improve on beta and alpha versions in an iterative process that never harms live services.

  • Secure Credential Storage

    Passwords in tchop cannot be extracted, as they are stored in the database using bcrypt, a one-way-hash function designed to be collision free.

  • Security training

    We periodically train our developers to be aware of common security risks for development as well as the data privacy of our customers' data.

  • Confidentiality Agreement

    All our team members have signed a confidentiality agreement to protect customer data, as well as agreements obligating them to comply with the data secrecy provisions of § 5 of the BDSG (Bundesdatenschutzgesetz) and the confidentiality of telecommunications (§ 88 Telecommunications Act).

  • Reduced Access

    Access to our production systems is reduced to a minimum set of people responsible for maintenance and operations. Only our management has access to the most sensitive spaces.

  • User Management

    We offer several ways for onboarding your users. They can be invited directly by email. Soon you will be able to also use registration based on domain bonding. That is, every user with a certain email domain can register without having been invited individually. Even when you do not know the email address of your users, you can invite them by generating unique access codes for one-time registration. Finally, you can use SSO for registration.

  • Data Processing Agreements (DPA)

    Where required under applicable data protection law, we provide an agreement on commissioned data processing.

  • EU General Data Protection Regulation (GDPR)

    tchop complies with the requirements of the EU General Data Protection Regulation and provides a secure communication platform that protects employee and customer data equally. The privacy rights of our customers and the security of their personal data are our highest priorities.

This website uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Find out more