Security

Need to report a bug or a security vulnerability?

If you find a security vulnerability please send an e-mail to support@taiga.io detailing your findings. The Dev team will fix the problem, update the stable branch of the repositories in GitHub and update our servers. If you have your own instance and report a vulnerability you will be able to quickly upgrade to the new stable version.

If you find a bug related with your data or your account in Taiga please send us a mail to support@taiga.io and we will resolve it as soon as possible. We pride ourselves on responding to any query in no less that 24 hours. Usually we respond within a few hours at most.

To report any other bugs you can use the GitHub repositories of Taiga, where you can also send requests for enhancements or send questions related to the use of the application too. Please do not use Twitter or GitHub for support questions.

Datacenter Security

Taiga´s infrastructure is an Infrastructure as a Service (IaaS). It's hosted in AWS Europe (Ireland) region. Ireland region is located in the Republic of Ireland. Launched in 2007, it has 3 availability zones (3 different datacenters). AWS maintains the configuration of its infrastructure devices, but we are responsible for configuring our own guest operating systems, databases, services and applications.

• AWS has certification for compliance with:

• ISO/IEC 27001:2013 - Information security management systems — Requirements
• ISO/IEC 27017:2015 - Code of practice for information security controls based on ISO/IEC 27002 for cloud services
• ISO/IEC 27701:2019 - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
• ISO/IEC 9001:2015 - Quality management systems — Requirements
• CSA STAR CCM v3.0.1

This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services.

• AWS complies with internationally recognized standards such as: Cloud Computing Compliance Controls Catalog (C5) and Esquema Nacional de Seguridad (ENS). AWS also achieved certifications including PCI-DSS, Hébergeur de Données de Santé (HDS), and TISAX (EU Automotive), helping satisfy compliance requirements for regulatory agencies across the EU. More info about AWS ISO and CSA STAR Certifications and Services
• AWS is committed to important EU privacy, portability, and digital sovereignty programes -- including Cloud Infrastructure Services Providers in Europe (CISPE) B Code of Conduct, the European Commission Standard Contractual Clauses (SCC), the SWIPOB Infrastructure as a Service (IaaS) Code of Conduct, and GAIA-X. More about EU Data Protection 

Data Security

Systems access are always encrypted and restricted, according to principle of least privilege

• Systems are designed to prevent remote access by AWS personnel to customer data for any purpose, including service maintenance
  
• All data exchanged with tree.taiga.io is always transmitted over SSL
• Data are saved on an off-site backup, in an object storage system, and we encrypt data in transit via SSL-encrypted endpoints

Employee access

No team member of KALEIDOS INC SUCURSAL EN ESPAÑA Taiga’s corporate parent or third parties hired by KALEIDOS INC SUCURSAL EN ESPAÑA are authorized to access private project data unless required to do so by the account owner for support reasons. Support staff may sign into your account to access settings related to your support issue. When working a support issue we do our best to respect your privacy as much as possible.

Contact Us

If you have a question, concern, or comment about Taiga security, please contact us: security@taiga.io.