Trust

Trust at Tape

From day one, our mission at Tape has been to give a community and ourselves a future digital home for work. High reliability, a community-driven feature roadmap and data security are fundamental requirements to accomplish this goal and are key elements of Tape’s products and services. Protecting your data and earning your trust is core to us. Therefore, we have implemented and keep on developing technical and organizational measures to ensure the secure processing of information.

We want to give you further insights so that we can succeed together with peace of mind. Let's answer the following question: How can Tape ensure reliability and speed even with fast growth and a high volume of data under maximum load?

Tape is a multi-tenant platform, which means that multiple organizations share the same instance of Tape. This approach introduces a challenge: How to keep an instance fast and reliable with more and more organizations using it? The more organizations use the same instance, the less computing resources will be available to each individual organization. Adding more resources is only a temporary solution as even the largest database can only process so many operations per second. We at Tape are aware of this issue and set out to solve this problems at the design phase to ensure a performant and reliable platform no matter the scale. Luckily, this problem has already been solved at scale by Salesforce using an organization-centric approach that we have fully leveraged in our architecture to ensure maximum reliability and speed for our customers.

An organization-centric platform architecture, like the one used by Salesforce and Tape, is based on the complete isolation of organizations. The multi-tenancy is achieved by partitioning all data via the unique organization ID. However, due to the complete isolation (a user, workspace, app or record can never be accessed from two different orgs), it is possible to create as many instances of Tape as needed to guarantee the performance and reliability of the platform. If a lot of new organizations sign up, a new instance of Tape will be created where those organizations will live so that the existing instance is not overloaded.

Contrast this with the user-centric approach, where each user can potentially see and interact with every piece of data on the platform. This approach is very uncommon for (enterprise) business software and much more suitable for social networks like Facebook, where it is absolutely necessary that every single user can potentially interact with every other user, post or comment that exists. This capability comes at a big price: All organizations have to run on a single (gigantic) instance, as no piece of data can live completely isolated from another piece of data. This makes it much harder and sometimes impossible to guarantee the speed and reliability of the platform once it grows past a certain size.

Tape was built from day one using the publicly available architecture knowledge of Salesforce. We are confident that Tape can scale seamlessly by following these architecture patterns. Features like a unique organization URL and guest accounts are already in preparation for the scalable multi-instance architecture.

How Tape earns trust

Tape covers these essential needs, so teams can succeed with peace of mind.

Reliability & speed

We continuously invest in our infrastructure and technology to maintain high levels of reliability and speed.

Security

Data protection is key to support teams’ success, so we incorporate security into our product and operations.

Privacy

We're committed to protecting your privacy through our product, infrastructure, and data governance.

Reliability & Speed

Don't miss a beat

Tape is the system of record for its customers. Its flexibility enables a range of sensitive and mission-critical use cases, which requires us to hold ourselves to the highest performance and reliability standards.

Uptime and availability

Tape offers full transparency into system status in real-time and for historical incidents. You can check the current status of our systems here.

Testing and updating strategy

Automated end-to-end testing strategy to ensure correctness and health of the system entirety. This allows us to release new features or fix bugs several times a day. For a worst-case scenario, the rollback operation returns the system to some previous state without losing data.

Release features to reduce system load

Identify workarounds and develop new features together with the community. As an example, layout options for records are planned to reduce the system load for building sections with headers using calculation fields

Secure database concepts

We take regular snapshots of the database and securely move them to a backup data center so that we can restore customer access, even in the event of failure of the primary region.

Business continuity

Tape’s infrastructure investments allow automating full-domain exports through our API and via webhooks. All customers can get sent data to CSV manual at the organization level.

Own usage

In a nutshell, we rely on the availability of Tape every day. We have built our entire business processes and data on top of Tape. We believe that the best product can only be created if you use it yourself.

Security

Protect your work

We put security at the top of our priority list, and we are committed to keeping our customers' data secure using the most stringent security measures available.

Application security

Tape follows best-practices in web application development. All authentication mechanisms including session cookies are generated using a cryptographically secure pseudorandom number generator and are protected against common attack vectors like CSRF or XSS. User passwords are stored using BCrypt with unique salts. File download URLs are randomized, signed and expire after a certain amount of time. All API traffic is secured via HTTPS and access tokens can be revoked or re-generated. Webhooks for apps only send out metadata of the event to the external system. Security critical operations like changing your e-mail address require the re-entering of the account password.

Infrastructure security

Tape services and data are hosted using Amazon Web Services (AWS) facilities (eu-central-1) in Germany within a virtual private network that cannot be accessed via the public internet, except via our public-facing load-balancers. All data is encrypted at rest via AWS RDS AES-256 encryption. The networking configuration has been rigorously setup following best-practices like SSH jump-hosts, security groups and IP whitelisting. All traffic is encrypting using transport layer security (TLS) with a recommended configuration that strikes a good balance between security against well known attacks while still supporting a wide range of client devices. Access to the production infrastructure is only granted to a limited set of employees on the principle of least privilege, enforced via custom AWS IAM policies.

Low-code security

As a low-code platform, Tape needs to take special security measures to ensure the safe execution of user provided code. This is accomplished via a multi-layered security architecture. The executed code itself is secured via built-in security mechanisms of the JavaScript execution engine. The engine itself is restricted using Linux process privilege management as well as Linux kernel features like namespaces and Cgroups. Finally, the usage of containerization technology allows Tape to control access to the host system, filesystem and networking capabilities. Overall, these are all well established security mechanisms used in browsers, mobile operating systems and multi-tenant cloud environments to isolate and secure customer workloads.

Privacy

What happens on Tape - stays on Tape

We have a comprehensive privacy compliance program that aligns our practices with regulations such as the DIN ISO/IEC 27001 and DIN ISO/IEC 27018 certified and guarantue the highest level of data protection security.

Your data is your own

A customer owns and controls all content submitted to their organization. Tape processes customer data on behalf of the customer. On any plan, organization owners and admins can use full-domain exports through our API and via webhooks and can get sent data to CSV manual at the organization level.

Data protection

As part of our preparations for the GDPR, we have scrutinised all our processes, technical measures and conditions. We also reviewed our hosting concept with regard to data protection. With the involvement of various experts (including data protection officers from Projekt29, we defined a series of measures to achieve an optimal solution for our customers.

Data residency & encryption

All customer data is stored on servers within the European Union. To ensure security, all data is encrypted at rest (Encryption at rest) and in transit over public networks (Encryption in transit).

Join and shape the journey of Tape.

Status
©2024 Tape Technologies GmbH