Security

At Contract.one, we keep your data safe. Here you can find out how we use trusted service providers, maintain reliable infrastructure, and protect your data.
If you have any security questions, please contact us at security@contract.one.

Infrastructure

We achieve infrastructure reliability by using trustworthy services and by maintaining additional security arrangements.
First, we use the AWS platform, which provides market-leading defense against all known infrastructure attacks. In addition, the Amazon AWS EC2 infrastructure is fully certified under the following standards:
ISO/IEC 27017:2015
ISO 9001:2015
ISO/IEC 27018:2019
PCI DSS
SOC
Second, we implement technical security arrangements such as perimeter firewalls, which protect your device connected to the private network from any possible attacks while you use our Software.

Encryption

We store data on AWS and provide users with the same level of security and protection regardless of subscription model and project role. For more information on what data we collect and with whom we may share it, see our Data Protection Policy.
We use these techniques:
TLS
Transport Layer Security (TLS) is a protocol used to protect the connection between your device and our server while you enter your username, password, and other sensitive data. As a result, our communication is protected from malicious attacks.
AES 256
Advanced Encryption Standard (AES 256) is an encryption method that turns data into a code. Your data is therefore encrypted when you transfer it to our server.

Projects and Contracts

Your projects and contracts in Contract.one are encrypted and stored on protected AWS servers. This means that neither we nor anybody else can access your data, even physically. There is only one person who can reach and share your data: you. Only you can grant access to other people by inviting them to the Software and assigning them a role.

Role-Based Access Control

Administrator
initiates and manages projects and contracts.
Internal User
uploads a contract, proposes and accepts changes to it (if allowed to do so); communicates internally and externally.
External User
invites external users and may edit a contract and communicate with users (if allowed to do so).
Contract.one allows the Administrator to control communication between the internal and external teams. Thanks to one of Contract.one's core features, external users won't have access to any internal comments until the Administrator approves their publishing. Even if an internal comment was published accidentally, the Administrator still has time to revoke approval.

Compliance

We process your data according to GDPR requirements and other local privacy laws. For more information, please see our Data Protection Policy. We hold a Cyber Essentials Certificate of Assurance. Currently, we are in the process of obtaining security certificates for ISO 27001 and SOC 2 Type 1.

Monitoring

We monitor and evaluate our system for unexpected crashes, unauthorized access, suspicious behavior, certain attack signatures, outages, and other indicators of security incidents. All logs are retained for at least six months.

Backups

In case of any emergency on the server side, it is guaranteed that no data at all will be lost, because your data has already been backed up to our backup site. Furthermore, we frequently test our backup procedure, including restoring the entire system from backup.

Internal Control

We carry out our internal security management on a comprehensive level with internal policies, regular information security training, strict NDAs, and further security development.