The data collected (see 'Information collected and used') is stored in a database. The password is not stored, but to enable validation of your connection to your bind space, we store a hash of this password, generated by the non-reversible SHA256 algorithm.
Once you've subscribed to the pay-as-you-go offer, a backup is made daily and stored on independent storage disks hosted by OVH in Europe (France).
Only the last 30 days are retained.
We use several different technologies and store backup sets on separate sites.
Our services are provided by the following subcontractors and services:
The computer server hosting company, OVH. These servers are hosted in Europe (France). No customer information is communicated to this subcontractor, who provides only the hardware and network layer, with installation and operation carried out directly by us.
Scaleway computer server hosting. These servers are hosted in Europe (France).
No customer information is passed on to this subcontractor, who provides only the hardware and network layer, with installation and operation carried out directly by us.
The Stripe online payment service, which is used to ensure regular subscription payments. When you fill in your credit card details, they are sent directly to Stripe when you enter the number to make the payment. This means we never know your credit card details; Stripe only gives us the last 4 digits, which enables us to identify / analyze payment problems.
Sendgrid email relay service, used to relay GLPI email notifications when "PHP" mode (default) is used and the client does not specify its own SMTP in GLPI configuration.
Our GLPI Cloud architecture is protected from the Internet by the OVHCloud Firewall Network (which also handles anti-DDoS) with strict security rules. Only protocols are allowed (HTTPS only), everything else is blocked before it even arrives on GLPI Cloud instances (whether they're on the Public or Private offering). The Linux firewall is also enabled on each instance (to protect instances inside OVHCloud networks), with the same protocol restrictions as on upstream firewalls. (Private) External HTTPS accesses can be filtered on customer-identified public IP ranges.
Maintenance access for TECLIB teams is only possible from a dedicated TECLIB SSH bastion. Access to this bastion is only possible with a VPN connection authenticated by a nominative certificate, renewed annually and revoked in the event of a problem or employee departure. IPsec / SSH / TLS technologies are used.
Server maintenance is carried out and supervised from the Ubuntu Landscape tool, linked to our inventory tool dedicated to Cloud instances (GLPI, of course), on which we carry out impact measurements, alerts on versions, disk space, domains, etc., as well as on our own servers, certificates, tracking changes / problems / incidents / etc.
As part of our commitment to bug-fixing, we deploy security patches on Cloud instances even before the code is released to the community development space (GitHub).
GLPI, as popular software, is regularly audited by security analysts. These auditors must respect our disclosure policy and can contact us outside public platforms:
glpi-security@ow2.org
Our services run on Ubuntu Linux systems and software. They benefit from regular security updates when the operating system publisher (Ubuntu Canonical) releases them.
Our services are accessible via HTTPS (HTTP encrypted) only, encrypted with SHA256 certificates.
Our technical platform is protected by a number of state-of-the-art IT security devices, including: firewall, banning tools, SPAM detection system and DoS protection, and software anti-injection and anti-XSS protection on the software used for the customer area and made available to users. These software components are tested automatically using the PHPUnit and Travis CI tools.
We also keep a technological watch on JS/PHP application dependencies, and continuously update our infrastructures for each patch.
In the event of suspicion of theft of the data we have collected (see first point 'Information collected and used'), customers will be informed by email, at the address corresponding to their customer account.
If you have subscribed to the paid offer, we also store the following information:
Your SEPA mandate if you have opted for SEPA payment, the last 4 digits of your card if you have opted for payment by card. The full details of your credit card, required for payment by card, are not stored by us, but by our payment service provider Stripe (world leader in online payment). We have no knowledge of them.
Each debit is sent to Stripe via a request. When you enter your bank details, they are transmitted directly to Stripe and are not stored on our servers.
You may request the deletion of your account and the above information at any time.
The reference contact for Privacy Policies and GDPR (RGPD) for our services is the Data Protection Officer:
rgpd-dpo@glpi-network.cloud
------------------------------------------------------------------------------------------------------------------
GLPI as a sub-module of the ISO 270001-certified SIEM Prélude NG for the Direction Générale de l'Armement, in collaboration with cybersecurity specialist CS (https://uk.cs.fr).
European H2020-SATIE project with several players, including Airbus, which integrates GLPI (as inventory software) into its cyber-attack simulation and vulnerability detection software.
MASSE project (GLPI)


