Data security

Timefold ensures the network, infrastructure, and data access for Timefold Cloud Platform are secured and monitored. This includes continuous system monitoring for performance issues that might signal security concerns, strict access control measures based on the principle of least privilege, and robust log management where activities are logged and periodically reviewed.

Critical data (tenant settings) are automatically backed up using Mongo DB Atlas backup mechanisms. These systems are monitored by the operations team for completion and exceptions.

The Timefold Cloud Platform is a multi-tenant environment. Data from different tenants is separated at the database level and application level, ensuring that information from one tenant is unavailable to other tenants.

Data is stored in encrypted format using AES-256 encryption, ensuring that sensitive information remains secure and protected from unauthorized access while at rest.

Data transmitted by Timefold Cloud Platform is encrypted in transit using HTTPS and other secure channels such as SSH, SSL/TLS, ensuring that sensitive information remains protected from interception and unauthorized access during transmission.

Facilities hosting the Timefold Cloud Platform and hardware are managed mainly by GCP, which utilizes ISO 27001 and FISMA certified data centers. Physical access to these data centers is strictly controlled and monitored, with no Timefold employees granted physical access.