Review and approval by IT and Security
This guide gives answers to the most common questions you may be asked by your IT or Security teams in order to get approval for Polypane.
If you can't find the answer to a question, reach out to us and we'll do our best to help you.
Description of your product or service
Polypane is a web browser for developers, designers, QA and PMs. It helps you build and test websites that are responsive, accessible and performant.
Do you have a designated security/privacy lead who manages your security program? Provide contact information.
Yes. Kilian Valkhof, Founder, firstname.lastname@example.org
Do you have publicly published privacy and security policies? Provide public links to your Privacy and Security policies.
Do you have a customer information policy?
Data protection role
Do you have a data access control policy with monitoring? List the roles in the organization who have access to sensitive data.
Polypane is developed by a solo founder who can access "sensitive data" when resolving customer issues. Sensitive data is limited to very little PII: Name, E-mail and account status.
Do you have a 3rd party vendor assessment and data access policy? List the roles of any 3rd party to the organization who may have access to sensitive data and under what circumstances.
Internal security programs
Does your organization have a security and privacy program and policies?
Do you have a passwords policy?
Do you have a system access control policy with monitoring?
Do you have a server software update policy? Describe the update and patching mechanisms for operating systems and software to ensure that these are kept up to date.
We do regular updates of the operating systems and packages that we use.
Data retention, backups, and policies
Do you have a customer information possession policy? Describe your policy and the conditions for returning sensitive data and destroying the data once the service is terminated.
Can you commit to keeping customer information for a strict minimum amount of time after a customer stops use?
We delete all information when a customer requests deletion of their information. We do retain that data in backups for up to 30 days, at which point it is entirely deleted. We retain a user's e-mail for up to 6 months to prevent abuse.
Do you have a procedure for returning personal data in a format allowing data portability?
We can export customer data to a CSV upon termination of service if requested by a customer.
Do you retain customer information in backups after a customer has deleted (or requested deletion of) the data?
Yes. We keep backups of user data for up to thirty days.
Incident response and reporting
Do you have an incident response policy? How does your organization define a security incident and personal information data breach?
We handle this on a case-by-case basis.
Describe how customers will be informed of personal data and data security breaches affecting a customer’s data processed by you and your subcontractors and within what timeframe.
They will be informed via email.
Is there a formal company Risk Management program and process that is documented to identify and monitor risks on an ongoing basis?
Are mitigating processes and controls identified for each information security risk discovered?
Is there an independent risk, security assessment, or audit performed on your external third parties?
Are network traffic events logged to support historical or incident research?
No for the desktop app. An access log is maintained for the management dashboard.
Are all authentication, data transmissions, client, server and web sessions that are transmitting confidential data protected using SSL, SSH, or other transmission encrypted protocol?
Yes, with TLS 1.3.
Is access to diagnostic or maintenance ports on network and system devices restricted?
Is there a process to restore data to a geographically separate secondary facility in a disaster scenario?
Yes, our hosting includes redundancy.
Are data or sensitive credentials (e.g. passwords) that are transmitted electronically encrypted?
Yes, HTTPS. Password encryption is handled by Amazon AWS Cognito, which does not disclose its encryption algorithms.