Drivetrain Hub Security
Drivetrain Hub takes security seriously so that its users can focus on the task at hand without worrying about the security of their data. We are proud to provide our users with security practices that go beyond that of typical desktop software. The following summary provides you with info on our key security practices. If you have further questions, or if you would like to share your perspectives on our approaches to securing the information you entrust to us, feel free to contact us at firstname.lastname@example.org.
Drivetrain Hub applies authorization rules at an organization-level for all data operations, thus ensuring that only users of an organization have permission to access and modify its data. This means that all data created, accessed, and modified by a user technically belongs to the assigned organization of the user.
Data and users of our Gears App software have configurable settings for authorization and permissions to enable features such as model sharing. In accordance with the authorization rules explained above, all forms of sharing in the Gears App are restricted to the users of an organization. This security policy is used to prevent sharing of sensitive data outside an organization. Gears App does not provide means of sharing data outside an organization.
Sharing data in our Consultant Match service applies between two types of user groups: clients and consultants. Clients are users in search of a consultant to meet their project requirements. Sharing is applicable between a client and the consultants matched to their project. Sharing rules depend on the document type as described below.
Non-disclosure agreement (NDA) documents uploaded by a client are shared with a matched consultant after the consultant elects to participate in the client project. NDA documents uploaded by a consultant, in the context of a project, are automatically shared with the client.
Statement of Work
Statement of work (SOW) documents uploaded by a client are shared with a matched consultant after the consultant elects to participate in the client project. SOW documents cannot be uploaded by consultants.
Proposal documents uploaded by a consultant, in the context of a project, are automatically shared with the client. Proposal documents cannot be uploaded by clients.
PCI Security Standards
Drivetrain Hub uses a third-party payment processing service. Credit card information is encrypted in your web browser and sent directly to this service. Credit card information is not transmitted to or stored on Drivetrain Hub servers. Our payment processing service is PCI compliant and our use of their service preserves that PCI compliance.
Communication between Drivetrain Hub cloud servers and users’ web browser clients is always encrypted. Drivetrain Hub requires HTTPS for all services, including our public website, customer support site, and community forum.
All Drivetrain Hub documents are saved on encrypted storage with AES-256. All communication between our internal compute servers and the internal databases holding your Drivetrain Hub documents uses TLS v1.2.
Drivetrain Hub never stores customer passwords in plain text. We use strong, one-way, cryptographic hash functions so that even if our internal password storage is compromised, the original passwords cannot be recovered.
We review all reported security issues. If you think you found a security vulnerability in Drivetrain Hub services, please get in touch with us at email@example.com. We request that you not publicly disclose the issue until we have addressed it.