Security at wuha
Wuha was designed in a secure way from the design stage. The protection of your data has been thought of from the very beginning of the application. We do our utmost to maintain an extremely high level of cybersecurity. We would like to describe to you in complete transparency how your data flows in a waterproof and secure way through our system.
Our key actions to protect your data
- Compliance with authorizations and original access rights of applications
- Password encryption in transit and at rest
- In-transit encryption of all indexed data
- Anonymization of data in the context of the GRPD
- Authorizations of Wuha members organized in silos and by role
- High Protection Hosting and Data Center
Do you have any questions? Contact the Security Team
Where are your data stored?
Your data are hosted at OVH's Data Centers in France. Whether on the network, maintenance or server side, OVH is the most proven French hosting provider in terms of security:
- Standards ISO 27001
- Certificates SOC 1 TYPE II AND SOC 2 TYPE II
- 24/7 availability and monitoring
- Power supplies, Internet connections, generators and cooling systems are all redundant and autonomous
- High standard safety and fire system
How your data is protected with us?
Wuha only accesses the data you have access to. So if you log in to your Google Drive account, Wuha will only index the data you have access to. As soon as you lose authorization on a document, it will automatically be deindexed from Wuha servers. The same applies to the deletion of a document: it is immediately deleted.
In order to reduce the attack surface and limit communications between our services, our system is organized into separate clusters. A cluster is a group of machines and services. The objective is to ensure that each cluster can only communicate with the clusters to which it is authorized. The flow of information is in the form of a silo: it must be watertight and limited to the authorizations provided for. Data 1 can be exchanged between cluster A and cluster B. Thanks to this system, any attack will only be able to reach a certain type of data that will be difficult to exploit in isolation.
To further limit the risk of intrusion into our architecture, each subnetwork and server is protected by its own firewall, finely configured and specifically for the traffic expected to flow. This mechanism is in place to ensure that traffic on a cluster is benevolent and legitimate.
Zoom on our multi-layer structure
Here is a diagram that illustrates how your data flows and is protected.
First, your data will pass through a global firewall (in addition to the subnetwork firewalls mentioned above) that will ensure that you are benevolent and that you are allowed to pass. This firewall protects the entire structure of servers, applications and databases.
An access and traceability control allows all authorizations to be filtered to ensure that a user has the right to perform the requested action.
All your data circulating through our systems benefit from "in transit encryption": your data is encrypted throughout its transport. Encryption is performed by the SSL/TLS (Transport Layer Socket) protocol using the AES (Advanced Encryption Standard) 256 bits algorithm.
Our tested and proven infrastructure
We assume that our system can always be improved even if we have already implemented all the security standards. We have thus developed a real safety culture within the Wuha team. We are constantly tracking down possible flaws and possible improvements to our system:
- Our Security team constantly monitors flows, applications and access to our infrastructure.
- RBAC (Role-Based Access Control): Don't worry, the members of the Wuha team have access to only a limited part of the data. Our architecture is based on a role system that means that no Wuha employee can reach all the data.
In other words, you can sleep and both ears, the Wuha team is working hard to protect your data.
