Security

Need to report a bug or a security vulnerability?

If you find a security vulnerability please send an e-mail to support@taiga.io detailing your findings. The Dev team will fix the problem, update the stable branch of the repositories in GitHub and update our servers. If you have your own instance and report a vulnerability you will be able to quickly upgrade to the new stable version.

If you find a bug related with your data or your account in Taiga please send us a mail to support@taiga.io and we will resolve it as soon as possible. We pride ourselves on responding to any query in no less that 24 hours. Usually we respond within a few hours at most.

To report any other bugs you can use the GitHub repositories of Taiga or our mailing list (taigaio@googlegroups.com), where you can also send requests for enhancements or send questions related to the use of the application too. Please do not use Twitter or GitHub for support questions.

Physical Security

Here is some information regarding the data center where Taiga’s infrastructure resides:

• TelecityGroup AMS5 (Amsterdam, Netherlands): premium datacenter, Tier-4 specifications
• Protected by security personnel and multi-layered physical security, including a secure perimeter, personal identification systems and video surveillance.
• Certified to the following international standards:

• ISO 27001:2005 - Information Security Management
• ISO 9001:2008 - Quality Management Systems
• ISO 14001:2004 - Environmental Management Systems
• OHSAS 18001:2007 - Occupational Health and Safety Management
• PCI-DSS - Payment card industry data security standards
• EU Code of Conduct for data centres - Corporate Status Benchmarks for data centre efficiency and best practice

More info: here.

System Security

• Designed and supported by FLOSSystems ( http://flossystems.com ), a company focused on providing secure infrastructure, distributed computing (IaaS) and IT systems scalability.
• System installation using open source, hardened OS (FreeBSD and Linux)
• Dedicated and redundant state-of-art firewalls (FreeBSD/pfSense) and VPN services to help block unauthorized system access
• Distributed Denial of Service (DDoS) mitigation services powered by industry-leading solutions
• 2x10G - redundant and balanced physical network
• Isolated internal network topology
• Web front-end load balancing
• We employ a wide range of monitoring solutions to prevent and contain any potential attacks to the site

Data Security

• Systems access always encrypted and restricted, according to principle of least privilege
• All data exchanged with Taiga is always transmitted over SSL
• Data are saved on an off-site backup, in an automatically region-replicated object storage system, and we encrypt data in transit via SSL-encrypted endpoints
• Redundant storage powered by ZFS
• High Availability services (database engine and message broker)

Employee access

No team member of Kaleidos Ventures S.L. Taiga’s corporate parent or third parties hired by Kaleidos Ventures S.L. are authorized to access private project data unless required to do so by the account owner for support reasons. Support staff may sign into your account to access settings related to your support issue. When working a support issue we do our best to respect your privacy as much as possible.

Contact Us

If you have a question, concern, or comment about Taiga security, please contact us: security@taiga.io.