Opensolr Information Security Policy
This document attempts to cover the Opensolr Data Security and Data Privacy policies that are already implemented and active. It is subject to change, so please check back for updates, or contact us with your suggestions.
Introduction
- The data flow that is processed and stored by the Opensolr systems is composed of 2 main components:
- Logical data
- Mainly composed of User Identification data and User Profile data.
- This data is used by Opensolr in order to provide users with the main Service Logic, which is the Solr Cloud Hosting Platform, along with its adjacent services and user interfaces, which are accessible via RBAC (Role-Based Access Control) throughout the Service Platform Control Panel.
- Solr Data
- Consists of the data that the Opensolr Users will host on the Opensolr Platform, in their own designated environment / server.
- This data is stored by Opensolr in datacenters worldwide, using third-party hosting providers' infrastructure, which includes, but may not be limited to, the following partners, depending on prior user preference:
- AWS
- Hetzner
- HostHatch
- Alibaba Cloud
Confidentiality
- Both types of data defined above are subject to our privacy policy.
- Logical Data is securely stored on the Encrypted Opensolr Main Data Servers, located in the AWS Cloud infrastructure.
- This is the data that identifies an Opensolr User, whether under a free, paid, or blocked status.
- User activity log data is the data generated by each user under the Logical Data, in order to provide complete transparency on every action taken inside each user's account. These logs are also stored on the Encrypted Opensolr Main Data Servers, located in the AWS Cloud infrastructure.
- The Logical Data is only available to the Opensolr Account Owner via the Opensolr Control Panel.
- The Opensolr Control Panel implements the following security policies:
- User/Password Authentication
- Two-Factor Authentication, which each user may enable, via Authy or SMS
- Solr Data is securely stored as defined at #1, in a datacenter and/or cloud platform of each user's choice.
- The Solr Data implements the following security policies:
- SSL Data transmission
- HTTP Authentication
- IP Access Based Authorization
- The Solr Data is only available to the Opensolr Account Owner and the user's team members.
- The team members are verified Opensolr Accounts that the Opensolr Account Owner has approved and invited to manage the indexes within their account.
- The Solr Data is not made public unless the Opensolr Account Owner explicitly asks, or provides documentation stating that it is OK to do so, and only via our Support Helpdesk service, which also serves as a Non-Repudiation measure.
Integrity
- In order to maintain data integrity, the following policies are implemented:
- Logical Data (User Identity Data) may not be updated, removed or changed in any way by any Opensolr Employee, except in the following scenarios:
- Account Owner explicitly requests such updates, via our Support Helpdesk service, which also serves as a Non-Repudiation measure.
- Account Owner makes such changes when updating personal information, using the Opensolr Control Panel, which also keeps a record of each change.
- Solr Data is only updated, deleted or otherwise changed by the Opensolr Account Owner and the Team Members as described above, and only after passing the implemented security policies.
Availability
- All Opensolr authorized users have timely and easy access to the Opensolr Services at all times.
- The Opensolr infrastructure and built-in technologies always ensure data and systems availability, even during adverse conditions, such as data systems failures, etc.
- Opensolr therefore provides the following risk mitigation measures and policies, in order to ensure High Availability and resiliency:
- Solr Data Backup management tools that allow the Opensolr Users to create, download or restore the Solr Data or Solr Configuration of their hosted Solr Indexes.
- Solr Index Replication, which enables the Opensolr Users to create direct replicas of each Index in a different region worldwide, for High Availability and Data Redundancy.
- Main Opensolr Systems replication and redundancy, worldwide, in order to provide High Availability of the Opensolr Control Panel, and the adjacent systems therein.
- Custom and Third Party WAF (Web Application Firewall) systems, such as Apache mod_security.
Authenticity
- Opensolr uses the most secure SSL standards and configurations in order to provide secure and authentic data transfers across the entire Opensolr ecosystem.
- Opensolr neither requires nor transfers biometric or location data.
- All data being transferred via the Opensolr ecosystem is subject to the following policies:
- WAF AI verification, blocking or whitelisting.
- SSL Security Keys and fingerprint verification of each data transfer via HTML form security keys, for verification of authentic transmissions.
Non-Repudiation
- Opensolr holds detailed logs and revisions of each important data transfer that pertains to User Identification and User Actions.
- Opensolr holds detailed logs and revisions of each User support interaction via our Support Helpdesk System.