Management

GDPR checklist:

Local

  • We hold payment information optionally provided by clients, and share it with no one. We use it to charge for our software service.
  • We hold at least one piece of contact information to update payment information.
  • Data is stored on our accounting computer.
  • This is our publicly accessible policy.
  • We have a DPO.
  • Our staff and management are aware of this document.
  • We use modern and up-to-date security.
  • We appoint clients as their own representatives in the EU.
  • If ever we become aware of a personal data breach, our customers and local authorities will be made aware.
  • Customers can verify and update information by simply asking.
  • We review this policy annually or as required.
  • We understand when a DPIA is required.

Hosted

  • Data is stored in / removed from a location of the client's request.

When something unexpected happens Noodle will ask you what you were doing and email a stack trace to Vialect. Bug reports may also be sent to techsupport@vialect.com. Please use saleshelp@vialect.com for any other inquiries.

Please provide the following to help us reproduce and correct issues faster:

  • Minimal steps to reproduce the issue from scratch. Possibly relevant details:
    • The URL
    • The version of Noodle
    • The version of Web Browser
    • The version of Operating System
    • A username and password
    • An ordered list of buttons/links clicked
    • Sample file/data
  • Expected behavior, possible details:
    • 720p mockup of desired appearance with min and max sample data.
  • Actual behavior, possible details:
    • A full resolution screen shot including address and scroll bars
    • Web Browser console output
    • The source of any warning pages (wrong format, missing parameter)
    • The source of any email
    • A zip of the Noodle/log folder
  • Observe email etiquette
    • A short descriptive email subject
    • Reply to the email thread only for the same issue
    • Don't make new threads for the same issue.
    • Avoid requesting thread history review.
    • Do not place legal or print notes in signatures or otherwise bloat them.
    • Use text in favor of images
    • Use attachments not overlays/embeds of images or text
    • Be concise.

Leaving out information leads to Vialect spending less time creating solutions and more time attempting to reproduce issues and linking to this page.

 

Answers to Frequently asked questions:

  • The support included in your Noodle subscription includes phone, email, and remote assistance for system administration, application usage, and troubleshooting.
  • Customization can normally be accomplished through the user interface, which we help with by providing example scripts. Feature requests beyond customization cost extra, valued on a per-requirement basis.

Ask us more.

Information about our hosted security:

  • Rackspace standards, and certifications.
  • Amazon standards, and certifications.
  • Backups are taken daily for one day, and monthly for 3 years, encrypted, and stored in multiple cities. Optimal space conservation is used in favor of optimal recovery time.
  • Only the strong-password-protected ssh key of our security manager has full access to hosted environments.
  • Stable Linux branches are used and security updates are evaluated or applied daily.
  • Data sovereignty; People who want to avoid government oversight should encrypt a local install and host the data with a less intrusive government.
  • Application Security
  • Regulation compliance

Please read this overview for a summary of applicable regulations.

Please contact us if you have specific questions about regulation compliance.

Information about Vialect Administrative security:

  • Staff workstations use annual fresh installs of OS X to avoid most malware.
  • Payment information is transmitted and stored offline.
  • Only Senior staff have access to sensitive information.

Public network application security options:

  • SSL (prevent password collection from public wifi)
  • White list (prevent application inspection from known hostile networks)
  • "Session Security Level" to 4 (prevent session hijacking)
  • "Minimum password length" to 8 (make password guessing harder)
  • Auto blacklisting: block IPs that use the wrong password too often (defaults to 20 per minute)
  • 2 factor authentication
  • Authentication keys for RSS, and Calendar subscriptions.
  • Injection detection
  • Analytics
  • Active Directory Authentication
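
The auto blacklisting option above can be pictured as a sliding-window count of failed logins per IP. The following is an added example, not Noodle's own code: the event format, the function names and the reading of "20 per minute" as "more than 20 failures inside any 60-second window" are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque


def find_blocked_ips(events, limit=20, window=60.0):
    """Return {ip: time_of_block} for IPs with more than `limit`
    failed logins inside any `window`-second span.

    events: iterable of (timestamp_seconds, ip, success), sorted by time.
    """
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    blocked = {}
    for ts, ip, success in events:
        if ip in blocked or success:
            continue
        q = recent[ip]
        q.append(ts)
        # Drop failures that have aged out of the sliding window.
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) > limit:
            blocked[ip] = ts
    return blocked


def sample_events():
    """Constructed sample data (documentation-range IPs), not real logs."""
    events = []
    # 25 failures, one per second: crosses the limit on the 21st failure.
    events += [(1000.0 + i, "203.0.113.7", False) for i in range(25)]
    # 30 failures, one every 4 seconds: at most 15 in any minute.
    events += [(1000.0 + 4 * i, "198.51.100.4", False) for i in range(30)]
    # A user who mistypes twice and then logs in.
    events += [(1010.0, "192.0.2.10", False),
               (1015.0, "192.0.2.10", False),
               (1020.0, "192.0.2.10", True)]
    return sorted(events)


if __name__ == "__main__":
    for ip, ts in find_blocked_ips(sample_events()).items():
        print(f"block {ip} at t={ts}")
```

A slow guesser that stays under the per-minute limit (the second sample IP) is never blocked by this kind of rule, which is why the list pairs it with a minimum password length and 2 factor authentication.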

LAN security options for the server:

  • Whole disk encryption (prevents bypassing security by reading the disk with another computer).
  • Dedicated server (reduces exploitable surface area).
  • Linux OS (protects from Windows malware).
  • Firewall blocking all but ssh and the Noodle http[s] ports (reduces exploitable surface area).
  • ssh keys (prevents password guessing on ssh).

LAN security options on a network, listed from most to least secure:

  1. Network not (even indirectly) connected to the internet.
  2. Network with no Microsoft Windows devices only indirectly connected to the internet:
    • Encrypted VPN or, better yet, an ssh tunnel (use with keys will prevent man-in-the-middle attacks from a spoofed wifi or an untrusted ISP or government).
    • Anonymity networks like tor can be used, optionally with ssl or ssh (in practice will prevent anyone, including governments, from knowing what server a user is talking to).
  3. Network only indirectly connected to the internet.
  4. Public network with a firewall or NAT port forwarding blocking all but one port.
  5. Public network.