Technical and organizational measures

1. Premises

Fediverse Foundation (hereafter “we”, “us” or “the service”) operates its servers, applications and systems in private and secured data centers in Vienna, Austria. All data is physically stored in Vienna Austria and is not transferred are shared to any third parties or external data processors.

The document furthermore describes all technical and organizational measures (TOMs) and security of processing pursuant to Article 32 GDPR Fediverse Foundation takes for its operational facilities.

2. Technical security measures

2.1 Confidentiality

2.1.1 Physical access control

This measures are aimed to prevent unauthorized persons from accessing data processing systems with which personal data is processed or used.

2.1.1.1 Key control

The data center can only be accessed with a scheduled appointment. Only the Fediverse Foundation operations team or authorized data center personnel have the permission to access the data center. Fediverse Foundation has allocated designated server racks at the data center.

2.1.1.2 Manual locking system

Outside business hours, all premises are locked.

2.1.1.3 Regulations for external persons

Fediverse Foundation-external persons can only enter the data center if they are granted access by a Fediverse Foundation employee. Thereby they must be supervised by Fediverse Foundation employees or a data center employee at all times.

2.1.2 System access control and authentication

Measures described here are suitable to prevent data processing systems from being used by unauthorized personnel. These measures apply to the whole of the Fediverse Foundation operations.

2.1.2.1 Assignment of user rights

For all services and processes, employees are assigned personal password protected user accounts. All personal devices (computers, laptops, etc.) used to access IT services are protected with a personal user account.

On the servers it is precisely regulated which client has access to which data. Likewise, the users of the systems only have access to those parts of the systems to which they need access (need-to-know principle). User accounts and administrative accounts are handled separately.
It is documented which function can be controlled by which right.
Role-based authorization concept.
It is also documented which rights allow which data access.
User accounts are uniquely assigned to users. There are no impersonal collective accounts.
User accounts and access rights are regularly audited by the Fediverse Foundation operations team.
All systems use encrypted storage of user passwords.

Under no circumstances may administrator passwords be disclosed to third parties.

2.1.2.2 Password requirements

All accounts must adhere to the following password rules:

The password must be at least 12 characters long and contain the following characteristics:

at least 1 capital letter
at least 1 lowercase letter
at least 1 number
multi-factor authentication is implemented where possible

Alternatively, certificates can be used to log into accounts worth protecting (e.g. SSH keys, TLS certificates). In this case, there is no obligation to change the password regularly. However, it is important to ensure safe handling of the private key. This must not be stored unencrypted or passed on. Under no circumstances may passwords, certificates or keys be disclosed to third parties. Furthermore all credential data and/or key material must not be stored unencrypted or passed on.

2.1.3 Protection of the network infrastructure

Administrative access to the Fediverse Foundation servers is granted exclusively via a site-to-site VPN tunnel
Access to the Fediverse Foundation network is protected by a firewall
Access restrictions for certain services are implemented via IP address restrictions. Only ports explicitly allowed are accessible
Regular software and system updates are performed.
A reverse proxy is in place to enhance security and enforce access controls to Fediverse Foundation-hosted services
Fediverse Foundation maintains dedicated network equipment within the data center environment to ensure data protection and multi-tenancy
Segmentation of networks are used within the network infrastructure
Wireless network and LAN networks are separated networks. All wireless networks have proper access restrictions in place.
Monitoring and logging of administrative system access and configuration changes.

2.1.4 Data access control

Measures to ensure that persons authorized to use a data processing system have access only to the data they are authorized to access and that personal data cannot be read, copied, changed or removed without authorization during processing, use and after storage.

2.1.4.1 Regulation of access authorization

Access authorizations are assigned according to the principle of least privilege. This means that the persons who process personal data only have access to data that they actually need.
All once authorized user roles and rights are checked and adjusted at least once a year by the appropriate system operators.
The employee processes for newcomers, movers and leavers ensure that all user accounts and access to all IT services are granted or revoked as necessary, and all equipment fit-out (PC, Laptop, Smartphone, etc.) is handed out or redrawn.
All personal computers must be locked as soon as they are unattended.

2.1.4.2 Evaluation of logs

Protocol logs including access to the systems can be evaluated and deviations can be identified. Depending on the application, this process may be automated.

2.1.5 Separation rule

Measures to ensure that data collected for different purposes are processed separately.

Logical client separation (on the software side).
Strict administrative separation of tasks.
The data processing for the client is logically separated from other clients.
Physical separation of test and production environments and data.
Logical data separation: separate databases or structured file storage
Separate instances for development, test and production systems (sandboxes).
Logging of external support processes.
Specific approval rules for the database and application access / authorization concept.

2.1.6 Privacy by design

Fediverse Foundation systems are designed in a way that only the regulatory necessary data is stored and/or processed.

2.2 Integrity

2.2.1 Transfer of data

Measures to ensure that personal data cannot be read, copied, altered or removed without authorization during electronic transmission or during their transport or storage on data carriers, and that it is possible to verify and establish to which bodies personal data are intended to be transmitted by data transmission equipment.

2.2.1.1 Controlled destruction of data media

Misprints or other documents that are no longer needed are destroyed with a shredder. It is ensured that the document destruction is done with a shredder.
When Data media is wiped by a supplier a contractual and audit procedure has to ensure the complete destruction of the information. Fediverse Foundation has to receive a certification that the destruction has occurred.
- Destruction of physical media according to DIN 32757.

2.2.1.2 Regulation regarding handling of copies

No copies may be made of client data, except for back-ups. Members of staff are contractually obliged not to make copies or to hand over data to unauthorized persons.

2.2.1.3 Encrypted connections

Administrative access to the servers is implemented via a VPN tunnel.
All communication channels across network boundaries between servers are TLS encrypted.

2.2.1.4 Encrypted storage

All media containing personal identifiable data is encrypted at rest

2.2.2 Logging of server and system access and user activities

Measures are in place to log all access requests and activities to Fediverse Foundation servers and systems hosted at the data center. Central gateway devices with two-factor authentication regulate access to the underlying systems which store and forward all access logs to a log management system.

2.3 Availability and resilience

Measures to ensure that personal data is protected against accidental destruction or loss:

The data is automatically backed up daily and kept for at least 30 days.
All servers are protected by firewalls against unauthorized access.
The systems are designed redundantly, so that a failure can be compensated quickly.
Fire and/or smoke detectors.
Cooling system in data center.
Disaster recovery mechanisms for data recovery.

Announcement: Fediverse Foundation data center migration 2024-03-02

Announcement: Fediverse Foundation infrastructure maintenance 2024-02-26

Incident: Partial disruption 2023-09-11 00:10 - 07:20 due to DDoS attack

Announcement: Fediverse Foundation infrastructure update 2023-08-12

Announcement: Change of the CDN of climatejustice.social 2023-07-13

Autoscaling Mastodon's Sidekiq queues with the KEDA operator

Wartungfenster climatejustice.(social+rocks) Sa., 2023-04-22 (Maintenance climatejustice.(social+rocks))

Wartungfenster climatejustice.global Sa., 2023-04-08 (Maintenance climatejustice.global)

Wartungfenster wien.rocks Fr., 2023-03-31 ab 19h (Maintenance wien.rocks)

Incident: Service disruption 2023-04-06 22:54 - 2023-04-07 08:22

Datenschutzerklärung

Data protection policy

Technische und organisatorische Maßnahmen

Technical and organizational measures

Technical and organizational measures

1. Premises

2. Technical security measures

2.1 Confidentiality

2.1.1 Physical access control

2.1.1.1 Key control

2.1.1.2 Manual locking system

2.1.1.3 Regulations for external persons

2.1.2 System access control and authentication

2.1.2.1 Assignment of user rights

2.1.2.2 Password requirements

2.1.3 Protection of the network infrastructure

2.1.4 Data access control

2.1.4.1 Regulation of access authorization

2.1.4.2 Evaluation of logs

2.1.5 Separation rule

2.1.6 Privacy by design

2.2 Integrity

2.2.1 Transfer of data

2.2.1.1 Controlled destruction of data media

2.2.1.2 Regulation regarding handling of copies

2.2.1.3 Encrypted connections

2.2.1.4 Encrypted storage

2.2.2 Logging of server and system access and user activities

2.3 Availability and resilience