Wuha has been designed with security in mind from the very beginning. When taking the decision to index and store client data, we knew that security and privacy would be the first concerns of any user. Our attitude to information security is transparency. We explain exactly what data we collect, when, how it's used, and how we protect it.
Any questions? Contact security team
Your data is stored in data centers managed by OVH. All data is physically stored in France. In terms of French cloud providers, OVH is the most proven in terms of security:
Wuha only accesses the data that you have access to. When you connect an application, we use your access rights to index the data in that application. That means if you don't have access to a file, we can't see it either. If you lose access to a file, that file is removed from your Wuha index. If a file is deleted from an application, that file is removed from Wuha.
Data in Wuha is logically separated in different indices within an ElasticSearch cluster. This cluster is distributed across different servers, meaning we can physically separate data when necessary. Distributed search is scalable and can handle huge amounts of update and queries per second.
All Wuha services are on a private network. There are only 2 ways to gain entry to the network: via searching or via indexing a file. In both cases, our public endpoints are secured to protect against malicious users. No service in Wuha can communicate with the outside world besides these 2 protected endpoints.
Here's a diagram illustrating how data moves in and out of the Wuha system.
Data is encrypted during transit. This means that nobody between the source of data and Wuha can read what's being sent. Data is encrypted using AES256. Every action within Wuha needs to be authenticated, meaning no user can perform an action without having the right.
System security is a moving target and is never "done". Even if we do everything we can to perfect our system, new exploits are found and we must stay up to date. As we develop new features, new potential exploits can be opened too. We solved this problem of inertia by developing a culture of security within the company. Every decision made at Wuha must have the green light from someone dedicated to the security of the system.