Our business is built on our users’ trust: trust in our ability to properly secure their data and our commitment to respect the privacy of the information they place in our systems by not giving that information to others or using it inappropriately.
In order to answer some of the questions you may have, we created this FAQ.
Who owns the data the organizations put into Discuss.io?
To put it simply, Discuss.io does not own your data. We do not take a position on whether the data belongs to the institution signing up for Discuss.io, or the individual user (that’s between the two of you), but we know it doesn’t belong to us!
The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.
- We keep your data as long as you require us to keep it.
- Finally, you should be able to take your data with you if you choose to use external services in conjunction with Discuss.io or stop using our services altogether
When can Discuss.io employees access my account?
Does Discuss.io give third parties access to my organization’s data?
Is my organization compliant with the European Commission Directive of Data Production if we use Discuss.io?
As described in our Privacy Shield certification, we comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland, respectively. Discuss.io has certified that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view Discuss.io's certification, please visit the Privacy Shield website.
Generally, an organization must decide whether its use of Discuss.io is compliant with any regulations it may be subject to.
Where is my organization’s data stored?
Your data is stored in Amazon Web Services network of data centers. Discuss.io maintains a number of geographically distributed data centers. Discuss.io computing clusters are designed with resiliency and redundancy in mind, eliminating any single point of failure and minimizing the impact of common equipment failures and environmental risks.
Is my organization’s data safe from your other customers when it is running on the same servers?
Yes. Data is virtually protected as if it were on its own server. Unauthorized parties cannot access your data. Your competitors cannot access your data, and vice versa. In fact, all user accounts are protected via this virtual lock and key that ensures that one user cannot see another user’s data. This is similar to how customer data is segmented in other shared infrastructures such as online banking applications.
An end-user deleted a number of video, how can I recover them?
Data is irretrievable once an end-user deletes a video asset or user account.
How do you protect your infrastructure against hackers and other threats?
Discuss.io, an established provider of web-based services has gone to great lengths to protect against threats. Each of these systems has been optimized for security and performance. The Discuss.io Security Team is working with external parties to constantly test and enhance security infrastructure to ensure it is impervious to external attackers. And because Discuss.io controls the entire open source stack running our systems, we are able to quickly respond to any threats or weaknesses that may emerge.
Discuss.io maintains a number of geographically distributed data centers. Discuss.io computing clusters are designed with resiliency and redundancy in mind, eliminating single points of failure and minimizing the impact of common equipment failures and environmental risks. Access to our data centers is restricted to authorized personnel.
How do you prevent and resolve security flaws in your applications?
Discuss.io products and services go through a series of security reviews. If a security flaw is found in an application or infrastructure component, we evaluate the risk and respond accordingly. Because we are hosting the applications in our own systems, we can quickly deploy fixes to all our systems without requiring any action on your part.
Can my organization use our own authentication system to provide user access to Discuss.io?
Discuss.io integrates with standard web single sign-on systems using the SAML 2.0, Oauth, or Google standards. Organizations can work with Discuss.io to accomplish integration. Contact us for more information.
Do you sign NDAs?
Discuss.io does sign non-disclosure agreements upon request. Discuss.io can provide a copy of our standard NDA/confidentiality agreement via email. If it meets with your approval, we will follow-up with a scan of a signed copy. To use an NDA/confidentiality agreement of your choice, please email us at firstname.lastname@example.org with the required documents or any questions.