top of page

Information on Squash Cloud Instances

Squash Cloud is built to be simple, efficient, and secure. You will find further informations about the hosting policy, its infrastructure, and its security below.

Squash Cloud Hosting

The Squash Cloud instance provided by Henix, as well as its data and backups, is hosted in datacentres physically located in France and monitored by companies under French law.

 

The hosting providers used by Squash Cloud are Scaleway and OVHcloud.

(OVHcloud is only used to ensure redundant - encrypted - storage of backups.)

 

They possess the certifications described on their respective sites:

 

Physical access to our servers is strictly controlled by these providers.

GDPR

Squash Cloud is in accordance with General Data Protection Regulation (GDPR) requirements:

 

  • No personal data are processed or needed to ensure smooth operation of hosted applications. Users are responsible for the data entered in the applications and Henix does not apply any processing other than that necessary for its service commitments (backups, connection logs);

  • Henix does not employ subcontractor companies that would process personal data or work with non-European infrastructure;

  • Only authorized personnel have access to relevant data;

  • Access to Henix's premises is secure.

 

Any client can contact Henix through the website contact form in order to assert their rights:

 

  • the right of access: individuals have the right to access all personal information held about them;

  • the right to rectification: individuals can request modification of their personal information;

  • the right to erasure: individuals can request deletion of their personal information (in accordance with GDPR grounds);

  • the right to data portability: individuals can obtain their personal information in an open, machine-readable format.

Security

Access Policy

Access control are guided by the principle of least privilege.

An application account with a Squash TM administrator role is given to the client when the instance is delivered and any new user account created in Squash TM has, by default, no access or visibility to any existing project. It's the role of the administrative account to create user accounts and to give read and write rights for each project and each user.

 

To access Squash TM, users must enter their username and password; accounts are created and managed by the customer. The implementation of an optional Single sign-on ("SSO") authentication is possible on request. Supported protocols are SAML 2.0 and OpenID.

 

Access to Squash Orchestrator endpoints is secured using tokens.

Application Log Retention Policy

Access and activity logs ("logs") for Squash TM are retained for three months. They are accessible by Squash TM administrators and the Henix support team.

Business Continuity Plan

Henix has a Disaster Recovery Plan which guarantees minimal impact for our customers and application availability over the year in accordance with the General Terms and Conditions of Sale (GTC).

Daily, multiple, tested, and redundant backups of the applications and their databases allow a maximum admissible data loss of 24 hours (worst case scenario). The backup policy is described in the GTC.

System and Network Security

The hosting of all Squash Cloud instances is distributed over several servers, each client being in its own container isolated from the others with its own public IP address. The firewall only allows encrypted flows via HTTPS (minimum TLS 1.2 protocol). No other streams are allowed. Henix's Platform Team is the only one to have access to the underlying logical infrastructures of Squash Cloud.

Update Policy

Critical operating system security updates (including web servers, databases, JVM…) are automatically performed within 24 to 48 hours after their availability on official repositories. The Squash Cloud instance will be restarted early morning outside of support hours to implement these updates.

Non-critical operating system updates are installed weekly using the same procedure. The Squash Cloud instance will be restarted on Sunday morning between 4 am and 5 am to implement these updates.

 

Regarding Squash Cloud application security updates, clients are notified and applications are updated as soon as possible, in accordance with the provisions of the GTC

bottom of page