Security is a core tenet of Hudu that we take very, very seriously. Customers trust us to protect sensitive resources and documentation. In this guide, we outline the steps we take to protect customer data.
Infrastructure
Hudu runs in two modes: self-hosted and hosted. Both run the same code and have similar capabilities.
Self-hosted allows you to store documentation either on your own internal server or with a third-party managed hosting service.
Our hosted Magic Cloud environments run on a hybrid DigitalOcean/AWS infrastructure. We utilize best-of-breed infrastructure tools to make sure that the instances we host are very secure. Our hosted environment is also SOC 2 Type II certified. This means that we need to get re-certified each year to make sure we are in compliance.
We utilize firewalls and advanced monitoring on our hosted infrastructure.
Visit our Trust Center for more information on Hudu Security.
Rigorous Security Testing
Hudu undergoes security-design reviews, threat modeling, and regular penetration tests using independent third-party firms. We also actively engage with the security community through our vulnerability disclosure program for continuous assessment.
Vulnerability Disclosure Program
At Hudu, we love working with security researchers.
If you are a security researcher and believe you have found a potential security issue in the Hudu platform, please contact us. We will make every effort to quickly resolve the problem.
For additional information, visit Hudu Vulnerability Disclosure Program.
Encryption
Hudu protects sensitive documentation with AES 256-bit GCM encryption, with keys derived using PBKDF2, alongside techniques like tokenization to make sure that your keys are safe.
Hudu also encrypts data in transit, using HTTPS for all connections. We refuse connections that aren't secure.
Data Backups and Maintenance of the Server
On the hosted solution, we take care of data backups and maintenance of the server. We utilize instance-level backups and database-level backups (both stored on redundant servers and data centers).
On the self-hosted option, you take responsibility for backups and maintenance.
In the application, we provide an automated backup method (S3 bucket storage). We recommend using it as part of a multi-staged backup plan (either alongside our backups on the hosted option, or alongside alternative backup methods on the self-hosted option).
Additional App Security Measures
Hudu provides role-based access and group structures for additional security. This means you can control (as an example) which users have access to which folders. We've tried to make this process as painless as possible, to make it easier to secure your information.
The Hudu app itself rate-limits and detects intrusive anomalies.
Password views are audited and added to a global activity trail, along with the user, IP address, date, time, and other details.
You can roll back and have access to passwords that have been changed.
Active DDoS Mitigation
Self-Hosted Data Collection
One of the main appeals to self-hosting an application is that data is kept under your control. On self-hosted, the only telemetry we send back to the "mothership" is billing-related (number of users, etc.). We do not send sensitive information like passwords, files, or documentation - this resides on the server itself.
Certifications
Hudu is:
- SOC 2 Type II Compliant
- PCI DSS Compliant
- GDPR Compliant