When our clients decide to use Metadrive it is because they are highly convinced that we protect the information.
After all, we respect user’s information and we limit ourselves to storing just the necessary information to configure the use of the platform.
In this article, we will tell you some key points of our security and data protection policy. The reasons why more and more companies trust Metadrive as their business information management.
Login
Metadrive uses the Google account login, which uses the OAuth2 flow, so we don’t do any password management. By using this system, we automatically apply all the Google security, such as 2-step verification and control of the devices from which you log in.
Documents
All documents are stored in users’ Google Drive domain. As a result, all the files that are managed in Metadrive are automatically segregated, since they are stored in different Google domains.
Metadrive does not have access to user documents. It uses the user’s permissions to perform operations on them, so there cannot be any unauthorized access to your information.
Metadata
We only store the properties’ configuration and workflow settings. The metadata is stored in the Google Drive documents themselves. Metadrive does not index the information.
Infrastructure
Metadrive is hosted on Google Cloud Platform, and specifically on the Google App Engine service. This is one of the safest platforms as a service on the market, with certifications such as SOC2, SOC3, ISO 27001, ISO 27017, ISO 27018, FedRamp ATO, and PCI DSS.
Data transfer
All information transferred to and from Metadrive is encrypted by industry-standard protocols such as SSL / TLS. Metadrive front ends are managed by Google App Engine, which provides highly secure web servers, which are regularly updated against any detected vulnerabilities.
Since Metadrive is hosted on Google Cloud Platform, the information exchanged between the application and Google Drive is transferred via Google’s private network.
Internal politics
At Evebytes, our internal policy is Cloud only. In this way, we make sure that everyone can work from anywhere.