Security and confidentiality

Protection of your data is of highest importance to us

Rationalk is a business SaaS that you can use from a web browser like Internet Explorer () or Chrome ().

The software is developped according the highest standards of security :

• Data exchange is crypted (TLS/SSL) and based on the HTTPS protocol. Informations between your browser and your server cannot be intercepted.
• Web application firewall (Cloudflare WAF)
• DDoS Protection (Cloudflare DDoS)
• The application are password protected with high security passwords : bcrypt
• Password hacking attemps are automatically identified and user accounts are instantaneously protected
• Rationalk requires users to define complexe passwords
• It is possible to force user to change their passwords evey X days
• It is possible to define the expiration time of the connexion cookie
• Passwords are never stored in plain text
• Two-factor authentication
• It is possible to restrict user creation based on the company email domain
• Rationalk can authenticate your users using SAML 2.0 SSO (single sign on)
• Rationalk can connect to LDAP/Active Directory for user accounts management (passwords and roles)
• We apply Linux security updates on a regular basis
• Our servers are behind the best firewalls
• We offer data backup plans. You decide the backup destination (ftp, NAS, ...). Backup data transfers are secured (scp)
• Backup of our servers in Switzerland using Acronis with Swiss Backup from Infomaniak
• Backup of our servers in Switzerland using rsync.net
• The minimum required confidential data is transferd from the server to the browser
• Our servers are managed by the best providers Infomaniak (CH), Exoscale (CH) and Hetzner (DE). Our backup servers are located in former swiss army bunkers in Valais (Exoscale)
• Advanced role management allow to use Rationalk in the whole company
• Full audit trail (tracability). All actions performed in the software are logged (audit trail)
• Option : Database encryption (Encrypted at rest)

Secured cloud

You decide where to host your Rationalk application, database and files :

• We can take care of everything :
  • Switzerland : Exoscale or Infomaniak (ISO/IEC 27001 (Information security management systems)). More about the Exoscale security
  • Germany : Hetzner
  • France : OVH
• You can host Rationalk on your premises :
  • We support your IT for the installation
  • We can contract a server on your behalf by Infomaniak and take car of the installation and maintenance

We offer staging application for your tests

Security audit and continuous testing

• We perform stress tests
• We log all methods calls (we can anonymise the log if needed)
• Usage quota and anormal behavior can be identified
• Complete test coverage on critical software features
• Tests on data transmited to the browser
• Monkey testing
• Auto diagnostic tool : we explore the database with a dummy user and verify we cannot access anything
• Penetration tests

Confidentiality

• Rationalk complies with GDPR
  • As SaaS supplier, we are data subcontractors
  • Rationalk helps its customer with a GDPR documentation
  • Specific GDPR contracts are signed between Rationalk and its customers and Rationalk and its subcontractors
  • Rationalk works with very little number of subcontractors : server supplier (Infomaniak, ...), IT and security experts
• We can sign NDA with our customers if needed

Service level agreement

• If our general terms are not enough for you, we can establish a specific service level agreement with you.
• RTO (recovery time objective) : depending on the criticity of our software in your business, we can agree on a specific recovery time. In case of major crash of your application, we can recover it in less than 30 minutes.
• RPO (recovery point objective) : we define together the backup strategy for your data stored in Rationalk software.

Business continuity whatever happens

• We guarantee 100% backwards compatibility between software versions. Even with your Rationalk custom modules. You will never be blocked to update because of a custom development made on Rationalk.
• In the event of a cessation of activity of Rationalk SARL :
  • The customer will be allowed to used the software indefinitely
  • The software source code will be transfered to the customer so that the customer (or another software company) can continue providing new functionallities, maintenances and support (Technologies we use are well-known and well-spread technologies)
• A option for our client to purchase the Rationalk software (lifetime license) can be proposed
• You have the possibility to export your data :
  • Xlsx export of tasks, projects, projects logs, database forms
  • Pdf export of meetings minutes (also xlsx)
  • Upon request, we can provide an archive with all your database (MongoDB format)
  • Upon request, we can provide an archive with all your uploaded files
  • Upon request, we can organise any type of exports and automate the exports to your infrastructure