Gtmhub Security Policy

This security policy is here to help you understand what information we collect at Gtmhub and how we use it. When we talk about Gtmhub in this policy, we are talking about Gtmhub Ltd. the company, the Gtmhub application, and the Gtmhub website at www.gtmhub.com. The Gtmhub application is available for use via a web browser and can be deployed in our cloud environment, a virtual private cloud, or on-premise at a customer site.

The following policy describes what practices are employed by Gtmhub to secure and prevent misuse or loss of data provided to Gtmhub by its clients.

Confidentiality

Gtmhub enforces strict control over access of data (refer to "Content" definition in the Gtmhub Service Agreement) it processes on behalf of its clients. Gtmhub is committed to ensuring that client Content cannot be accessed by anyone who should not have access to it. In order to ensure the operation of Gtmhub services certain Gthmhub employees need access to the systems which collect and process client Content. For example in order to diagnose and resolve a service outage. Those employees are not allowed to use their access rights to view client Content unless it is utterly necessary to do so. Gtmhub uses access logs and audit trails to ensure that any access to client Content is tracked.

Traffic

All Gtmhub services and applications are deployed in a virtual private cloud behind a hardware and software firewall configured to allow only HTTPS traffic. Cross-service communications use a separate private network physically isolated from any public traffic.
All communication with the Gtmhub application, the Gtmhub website, communication between Gtmhub services, backups and log shipping happen over secure connections that use TLS 1.2, encrypted and authenticated using AES_128_GCM, and uses ECDHE_RSA as the key exchange mechanism. The Gtmhub team closely monitors the security community and is committed to promptly upgrading our services in response to new vulnerabilities as they are discovered.

Authentication and Authorization

All service available endpoints are secured using a third-party SOC 2 Type 2 certified authentication vendor www.auth0.com.  User credentials and Single Sign-On trusts are stored, managed, and secured by their solution. Authentication tokens are signed and verified with SHA-256 grade cryptographic hash function. 

All Gtmhub employees' accounts for the corresponding cloud providers are enforced to use two-factor authentication. No Gtmhub infrastructure nodes (virtual machines, droplets, pods, containers, etc.) are directly accessible under any protocol of communication like SSH, FTP, HTTP outside of the corresponding virtual private hosting environment.

Backups and Client data storage

For redundancy reasons, all backups are transferred to an external datacenter without leaving the boundaries of the corresponding location (Europe or the United States of America) using a secure socket connection under TLS 1.2 cryptographic protocol and finally encrypted at rest.

Logging

Gtmhub uses a centralized logging system for all of its environments - both pre-production ones and the production environments. Logs are transferred using secure socket connections using TLS 1.2 cryptographic protocol. This logging system contains information for the healthy operation of our services and their availability. The logging system does not aggregate any client Content. The information collected is used by our staff for troubleshooting and resolving service outages.

Product security practices

New features, architecture design changes, and functionality updates go through the security assessment process that includes SANS top 25 and OWASP top 10 vulnerabilities detection. Additionally, any code change is peer-reviewed tested before it is merged into our codebase.

Incident management

If you believe that you have found a security vulnerability in any Gtmhub service, please contact us at [email protected]. For additional security you can encrypt the communication with the PGP key below. All reports will be investigated in a timely manner.

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGGqDnIBEADTyIsGjSqVAJSQa2T1S+BUVCgjr9jlZYOtIKc+O3fBAkcFnZJg
NykiPg44cNNe8jtOV2ZzPREQbgp0Oy+V2bwabZEFEhV2MoWQec1zPXwrKWKbz4nf
UrhDURiuyYsjQo2y4kQ9J3jHm3TuQom7jR4e12Uz+AyCuPYz+lPJor3Ttq2EaumH
YzRHVMIhHOZXLS3xde7DG+BeR7cpb5DzeoS2YM9tdERK+sWWv9E7wC9d/ImzBIsL
1ev/ixEq2Ut7u+xtjlVxntoHs/YXR6xgb9k4yefW9zJC8Pg+83G7YDbxt5mQpX98
Y4IuFNbZrP8aHIoJBJMZawc6cN/PljsXCSa3vnaOUV5RZ4+98GTF133XBlUV3qTT
IVU38v3kF1Hd3o/5HnyolbfHsBV/z7PQThE2z1lgzDRpLHp9mGP0CO4fl7Yod8D3
nXpyEPbIJHyMal+bm3cReBFpFHWTZA2zOtd87s0aalF8fZtG63vJRO1w+0F9bL5j
UZspTH5TfIyJDYXsCP+rEtZBaAx7nGfXqW0wRgZTxGgRIbvP0Vqgrnw+w2McpqOy
w5jG1u08HYOuLPP81QrogZrrNxTGRqXLOOVxj8RB0MA5JsmrVKSOULmBL6W4T6um
S8Pgx/+fi4fsyXkIGbLyPmQRcY9VHfd5cuJfeXj8Dcv3XyMIAD4+cJdXRwARAQAB
tCpHdG1odWIgU2VjdXJpdHkgVGVhbSA8c2VjdXJpdHlAZ3RtaHViLmNvbT6JAlQE
EwEIAD4WIQSugB4wPjA97BItna/T/YNr9PDVEwUCYaoOcgIbIwUJCYGNLgULCQgH
AgYVCgkICwIEFgIDAQIeAQIXgAAKCRDT/YNr9PDVE7TWEACmMLmu1NIqA4kMIRAo
70DLr2TVaDgGP1hdj9NPD2Cy+Po8ZfLhADWoJpO0Lx00/snGhD42EEpCsE8pSz5s
DQ3a9J5VQxhlH8L/nI6Vkmr/yUf8TNZ6SRPZdxs+pCTAoNPRWzLW6+pNiHHu6QJn
+5C3J82umU2N/U70OXUBRLIuunvb4O0e6vJc0KHaP/Yi8eA/gga/Jrtc2KYZe9La
DdraxF3oKeBFJl9r7021AC06AfkmEMrMRhYrvbWu/2jFzcIOpu/7LlSYGRGeg5ym
pd7LP2xXMx4h3aBtIguhoER3+SvGqjCBSnpCyOBQu3JDstyFXrnhDU8K/R3tul8h
UpoKt7fu5kFtpKisMwdVMMCAQSBC8l3jmBFApQMZJcb7/ImK0sIliV8WTuXoGFwQ
bs8UfTSG4ZPqp5TJeloBaRFTr2b6sJFXfjy/m7z3gNvyztiVKJMFU9l9Fx4pMv7c
6daEVEYkHkDx1DXUeRJL2KpYe9vo65kI7RA3QtnqbMkWIYJl6a+FEGHNWq1OAqgO
56qFl4HrMCTe3fHs218C2VEkeaG8o2MRThET7PnD3VUwj1aH+UG4jtw8yfkfhYr9
y6bFoQob8ILwklUJTulI1dPQUs0LcrtKzvGjhD1zXBmKH7gOw8r2fIUjYJZRCCWH
G9kqhSxUveWRnsgAK18eJSZ+GrkCDQRhqg5yARAA7L9vJEagqfc7FNzCYRK2EIJt
Q4pCl7inVuHdfJNWHGwdOzDQdgLDnYRG2dSfgrExHzZKoX9pQ7veu9u4EuNCERUi
Pejb16SzYx/IYJCkugrzBTZui8XYoL6BhmPUlzPnGGBg/N/hIAca7sRbv1PomXc7
P70NGOyJ8d+aYXnMTs3NWSRLQqDrGvqFcKRTzCPf/ScFhGGPnWMyvg7hoWov3xV5
EQF7Xf+L10jmWEdkIfSUBL7YVzRMoDBhO2MDJu42jw7Vstkp4NeovEWO/+fC6DJg
9weKbmBw4fB5ZPkac1i29OLS3j81i+NW740zREMyld0j1Vm8tGygtBRVfbDTLylZ
Jwd/Z5M4ZbWB0yzj0gTnXvCQHruS8cZxg4AoYD5mAlGsIww9j8w+uYPPoW5F/VbW
YA13I72eJ3BKVaXrj/serD1xKzrN+1TxGNOgRMDN9PcQpgtGqKAPXS46Zuad/8+i
3+wYb3mqdt0CYvBNhpy0/UV41L7laaCRDOsO2tLT5uRtZo+PFSXiK43xvQCLuke0
/dcO9OnnVeNOVyg/kHicTtDwayDJXYIFEQlVkLwYv6MP2ztIXeojn8psCu2SE/Oq
6QCwtK5p2ZdVIhUtVSHCBmJaGwYJHkZu8eOukKlI7SmLTxtvXDntehb5nn8TQBXy
KW08dH5Pa3vb+i3z0e8AEQEAAYkCPAQYAQgAJhYhBK6AHjA+MD3sEi2dr9P9g2v0
8NUTBQJhqg5yAhsMBQkJgY0uAAoJENP9g2v08NUTA1oP/j9xNTvpv/3PSWynY6cg
vb0JOcGfwJo/DxwCwrdQEyHdqSkos2y3veO64bZpv5dfGY6n3ymQfak4o+37/gqv
bdVZXGWrD7mkeDAzLFBuLrsfIDfknkaIwmeAHKnU18vWcHtwsIewlWj2NvgJdUPS
hDMya6+6+YZ1XaDMBf3JUQN1qvuWjV6MVzXhit47SDLDOBSD6XQ9jcgRGBxskVhF
5wbyn2IwcBzg68QM7sf5wIU+0JF+Ds+D0z0qJYVkUYiTsnGS1Z7pZw0jK/ag7bb2
N7GD8F2W6PQ9jYz7kCER6tr/f7/1SjREo8ZEEm7ps+C3EeoMv5G/jGTgyccYi2NJ
mC28Xtgbc6at/uxYOaogSYM7rV2jOJqCncol3shTyecpJIC3tiQECe2oPZ6VCZW9
bm2QUQXZoWCvB+Cr9bcinJyFGFAE1ZMUf3K14N+YMQpq1/C8WIUHDANCHyPL2ZCj
n29GgTT1KAN6Zu4t4DzOFxENWNI7hRRXoNyQs9DuMumEM4bbuxLta3YjCmRcVyih
2YpKr/90SVt/u4DH+BF5myWD/GdKGfwHVe3L0Uk/2I0pSYcOdszs8/1/IQq4Dlbu
XOtQfcZ8GbQ/BtHyjgKmeUecxBoB4gAm2Eb5SucCHMrRUflXZdoxkuBOF4kgnx4K
05bYClwQnlzQYbYrWV+DXBOC
=/cwk
-----END PGP PUBLIC KEY BLOCK-----

Did this answer your question?