Security at Wuha

Wuha has been designed with security in mind from the very beginning. When taking the decision to index and store client data, we knew that security and privacy would be the first concerns of any user. Our attitude to information security is transparency. We explain exactly what data we collect, when, how it's used, and how we protect it.

Our core pricipals on data protection

  • We respect authorization and accesses in connected applications. We do not create our own information access policies.
  • Data is encrypted in transit
  • Data is encrypted at rest
  • Personal data is separated from information that would identify that person. This is pseudo-anonymisation in the GDPR.
  • Organisational accounts are separated by employee. Access is only given to those who need it and formally apply.
  • Hardware and data center providers are reviewed based on their security principals.

Any questions? Contact security team

Where does Wuha store my data?

Your data is stored in data centers managed by OVH. All data is physically stored in France. In terms of French cloud providers, OVH is the most proven in terms of security:

How is your data secured within Wuha?

Wuha only accesses the data that you have access to. When you connect an application, we use your access rights to index the data in that application. That means if you don't have access to a file, we can't see it either. If you lose access to a file, that file is removed from your Wuha index. If a file is deleted from an application, that file is removed from Wuha.

Data in Wuha is logically separated in different indices within an ElasticSearch cluster. This cluster is distributed across different servers, meaning we can physically separate data when necessary. Distributed search is scalable and can handle huge amounts of update and queries per second.

All Wuha services are on a private network. There are only 2 ways to gain entry to the network: via searching or via indexing a file. In both cases, our public endpoints are secured to protect against malicious users. No service in Wuha can communicate with the outside world besides these 2 protected endpoints.

How does data move around our system?

Here's a diagram illustrating how data moves in and out of the Wuha system.

img

Data is encrypted during transit. This means that nobody between the source of data and Wuha can read what's being sent. Data is encrypted using AES256. Every action within Wuha needs to be authenticated, meaning no user can perform an action without having the right.

Our infrastructure is battle tested

System security is a moving target and is never "done". Even if we do everything we can to perfect our system, new exploits are found and we must stay up to date. As we develop new features, new potential exploits can be opened too. We solved this problem of inertia by developing a culture of security within the company. Every decision made at Wuha must have the green light from someone dedicated to the security of the system.

  • Our security team constantly update our data schemas to identify areas that can be improved.
  • We implement Role-based Access Control. These accesses are periodically evaluated to ensure those with access to critical systems still need that access.
  • Every access to user data is logged in an audit. Audits can be reviewed with clients to ensure no unauthorized access took place.