As the data controller, tchop GmbH has implemented numerous technical and organizational measures to ensure the protection of personal data processed through this website in the best possible way.
tchop™ is ISO 27001 certified by TÜV Süd, Germany.
Please also read our Privacy Policy carefully, which you can find here.
In the following we describe key goals and implementations of our certified Information Security Management System (ISMS).
Focus on highest standards
tchop.io has achieved ISO 27001 certification by TÜV Süd in the year 2021. This prestigious certification underscores our commitment to the highest standards of information security management. With this certification, our users can trust that their data is protected by robust security protocols, ensuring confidentiality, integrity, and availability.
Secure hosting and data handling
The tchop platform is hosted on Amazon Web Services (AWS) and on the German Hetzner Cloud, both of which comply with the ISO 27001 and SSAE-16 standards, ensuring full data security. Enterprise clients can choose where they want their data to be hosted.
All information is encrypted using TLS 1.2 and PFS, security incidents are reported to our security team 24/7, and access to the tchop production servers is restricted. We take daily backups and have a contractually binding uptime of 99.9%.
Robust and secure architecture
Our platform architecture is designed to minimize the risk of security breaches by permitting access to the minimal required systems only, while other systems, such as database servers, are accessible internally only. All traffic to our application servers is routed through our proxies and gateways. All other systems in our data centres never have direct access to the Internet, neither inbound nor outbound.
Protection
Our network is protected by redundant layer-4 firewalls, secure HTTPS transport for communication over public networks, VPN-only access to our production and testing systems, and key-based authentication for system administrators performing maintenance.
Security Incident Event Management
A security incident event management (SIEM) system gathers all available logs from our systems to analyze these for correlated events. The SIEM system notifies the tchop team about the event, so that the team can respond quickly.
DDoS protection
Distributed Denial of Service (DDoS) is mitigated by multiple tools, including 'AWS Shield' for our AWS servers, which provides always-on detection and automatic inline mitigations that minimize application downtime and latency.
Controlled access
Access to the tchop production environment is restricted to the core operations team. This includes frequent auditing and monitoring of access. All production systems are secured by VPN and require key-based authentication.
Encryption in transit
All communication of our systems over public networks is encrypted using HTTPS with Transport Layer Security (TLS 1.2) and Perfect Forward Secrecy (PFS). We have disabled SSLv3 on all systems to prevent security breaches.
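As an added illustration (not code from tchop or this page), the transport policy stated above, TLS 1.2 as the minimum protocol, SSLv3 and older disabled, and only forward-secret (ECDHE/DHE) cipher suites, expressed as a Python `ssl` server context, next to a weaker legacy context and an audit helper that reports any deviation from the policy. The cipher string is an assumption in OpenSSL syntax; the audit parses the `Kx=` field of each suite's description.

```python
import re
import ssl

# Assumed OpenSSL cipher list: only ephemeral (EC)DH key exchange, AEAD bulk ciphers.
PFS_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:DHE+CHACHA20:!aNULL:!MD5"


def build_hardened_context() -> ssl.SSLContext:
    """Server context matching the stated policy: TLS 1.2 minimum, PFS-only suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # A TLS 1.2 floor rules out SSLv3, TLS 1.0 and TLS 1.1 in one setting.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(PFS_CIPHERS)
    ctx.options |= ssl.OP_NO_COMPRESSION  # TLS compression enables CRIME-style attacks
    return ctx


def build_legacy_context() -> ssl.SSLContext:
    """Weak 'before' configuration: every suite OpenSSL knows, including static RSA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ALL:@SECLEVEL=0")
    return ctx


def key_exchange(suite: dict) -> str:
    """Extract the key-exchange algorithm ('ECDH', 'DH', 'RSA', 'any', ...)."""
    match = re.search(r"Kx=(\S+)", suite["description"])
    return match.group(1) if match else "unknown"


def forward_secret(suite: dict) -> bool:
    """True for ephemeral (EC)DH suites; every TLS 1.3 suite is ephemeral by design."""
    if suite["protocol"] == "TLSv1.3":
        return True
    return key_exchange(suite) in ("ECDH", "DH")


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return policy violations for a context; an empty list means compliant."""
    problems = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append(f"minimum version {ctx.minimum_version.name} is below TLSv1_2")
    for suite in ctx.get_ciphers():
        if not forward_secret(suite):
            problems.append(f"{suite['name']} uses non-PFS key exchange Kx={key_exchange(suite)}")
    return problems


if __name__ == "__main__":
    print("hardened:", audit_context(build_hardened_context()) or "compliant")
    print("legacy:", len(audit_context(build_legacy_context())), "violations")
```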
Encryption at rest
All user passwords are stored only as one-way hashes produced by best-practice hash functions, which minimizes the impact of a data breach.
End-to-end encrypted chat
We use secure end-to-end AES-256 and TLS 1.2 encryption for our chat. All chat messages and chat history are also stored fully encrypted, on European servers only.
Uptime
We guarantee a minimum of 99.9% uptime for the tchop platform; in the past we have in fact usually reached 99.99%. We are also happy to provide references from long-standing clients who can attest to the high availability of our services.
Redundancy
We back up all relevant systems daily and retain these backups for up to a month so that data can be restored after an identified incident. All production services of the tchop platform also run at least in dual mode to provide fast failover. Our development team maintains recovery plans for different scenarios and can therefore recover data in an emergency.
QA
We run automated tests on our code base to ensure a high level of quality assurance. We also follow a test-driven development approach, and all code changes submitted to the code base by our team are peer-reviewed.
Secure environments
We work with testing and staging systems that are logically separated from production systems, so that we can roll out and improve alpha and beta versions in an iterative process that never harms live services.
Secure credential storage
Passwords in tchop cannot be extracted, as they are stored in the database using bcrypt, a one-way hash function designed to be collision free.
Security training
We periodically train our developers to be aware of common security risks in development as well as of the privacy of our customers' data.
Confidentiality agreement
All our team members have signed a confidentiality agreement to protect customer data, as well as agreements obligating them to comply with the data secrecy provisions of § 5 of the BDSG (Bundesdatenschutzgesetz) and the confidentiality of telecommunications (§ 88 Telecommunications Act).
Reduced access
Access to our production systems is reduced to a minimum set of people responsible for maintenance and operations. Only our management has access to the most sensitive spaces.
User management
We offer several ways to onboard your users. They can be invited directly by email or phone number. Users with a certain email domain can also register without having been invited individually. Even when you do not know the email addresses of your users, you can invite them by generating unique access codes for one-time registration. Finally, you can use your own SSO for access management.
Data Processing Agreements (DPA)
Where required under applicable data protection law, we provide an agreement on commissioned data processing.
EU General Data Protection Regulation (GDPR)
tchop complies with the requirements of the EU General Data Protection Regulation and provides a secure communication platform that protects employee and customer data equally. The privacy rights of our customers and the security of their personal data are our highest priorities.