Why your prototypes are in safe hands

We understand that many businesses place great emphasis on security, which is why at Pidoco we go the extra mile to keep your data safe. German engineering doesn’t just mean that we abide by some of the strictest laws on data protection in the world, we have also engineered our product to keep your projects safe. An up-time of our system of more than 99.9% in 2013 is evidence of our dedication to providing safe and stable services.

Personal Data

At Pidoco we believe that scarceness of data collection is the best way of preventing data abuse. This is why Pidoco keeps the collection of personal data to an absolute minimum necessary for providing our services. In storing and processing these data Pidoco abides by the “8 Commandments of Data Security” based on the very strict and comprehensive German data protection laws (http://www.gesetze-im-internet.de/englisch_bdsg/englisch_bdsg.html#p0649). These ensure that the highest control and protection standards are met in regard to access to and accessibility of, transfer and circulation of, input and change of, availability and separation of personal data as well as to the commission of data processing. As part of these standards we keep our website and servers secure and safe.

Our Website

Like all our publicly accessible systems, the Pidoco website (https://pidoco.com) is protected by secure certificates and passwords. We use SSL encrypted secure connections (HTTPS) similar to those standards that financial institutions use for online banking. We also employ so-called “forward secrecy” for data transfers, which prevents past data transfers from being compromised. In addition, our website is fully certified for electronic payment transactions. Only a limited number of trusted administrators work with our live system and their access is logged to make it verifiable.

SSL

Our Servers

We operate our servers in professionally managed award-winning data centers with very high security standards based in Germany only. Our server provider is bound by data protection contracts with us, abides by the “8 Commandments of Data Security” as well and is dedicated to ensuring security and safety standards in general. Physical firewalls, UPS for all servers, CCTV, video surveillance of the facilities, smoke sensors and early fire detection systems with a direct line to the local fire department are used to keep your data safe. Our specialized trusted server provider is certified by official German institutions and works for your data security 24 hours a day, 365 days a year.

In addition, our server provider is also dedicated to the environment, using only renewable energy sources.

 

Servers_with_lock

 

Content Data

Pidoco users create and share content all the time mostly in the form of prototypes. The measures described above apply to keep them safe and secure, too. Additional measures are designed specifically to keep your prototypes safe:

Your Prototypes

Your prototypes are backed up at least once every 24 hours, so your work will never get lost. Backups are encrypted and stored on redundant servers in different German cities, so we can restore data in the unlikely event that this becomes necessary. Consequently, any progress you have made on your work is always secured even if your own system shuts down.

Putting You In Control

At Pidoco, we save your work automatically and for peace of mind, we also let you save restore points for your projects as you prototype – so-called “versions” or “milestones”. To do so, just click on the Save button in the Toolbar. That way you can always go back to a previous version of your prototype if anything should happen. In addition, our daily backups create new milestones of prototypes you have edited that day, so you can jump back to these milestones as well.

Pidoco also provides you with options for downloading prototypes as HTML, PNG or SVG files to store on your local hard drive for times when you will be offline or as additional backup.

Collaboration

At Pidoco we make collaboration as secure as possible. When you share your prototypes (e.g. by clicking on the Envelope icon in the Toolbar) you decide who will gain access and what the invitee will be allowed to do. Your options for custom invites are: viewing the prototype, adding comments to it, viewing and administering it, or co-editing your prototype. Invitations are sent by email, so only the person whose email address you specify will receive the unique invitation URL to your prototype. Only people with this URL will be able to access your prototype. Invitation URLs can be deleted at any time if you decide to revoke access.

Special Requirements

If you have special requirements with regard to security and safety, we offer a range of solutions, including dedicated server and in-house systems. With the Pidoco Enterprise Edition, we can engineer solutions to suit your particular needs. Please email us at sales@pidoco.com if you would like to receive information on our Enterprise Edition.

 

Still have questions about our data protection systems? Comment below, or email us at service@pidoco.com.

 

CeBIT raffle: Congratulations to our winners

Champagne_Showers_2_by_Merlin2525

The dice have fallen, luck has decided, the winners of the Pidoco CeBIT raffle have been determined! Every visitor at our CeBIT booth who left their contact with us participated in the raffle automatically. Whether they talked directly to us or just left their card in the box provided was of no significance, everybody had the chance of winning a 6-month Expert License for Pidoco’s Usability Suite.

Ten lucky winners have been informed of their wins via email and we congratulate them warmly. We hope you will enjoy using Pidoco.

Congratulations from the entire Pidoco Team!

If you were not among the lucky winners or missed us at CeBIT and would like to pre-trial the new features of our next release, email us at support@pidoco.com.

Security Announcement: OpenSSL security breach “Heartbleed“

Earlier this week security experts detected a significant security breach in some versions of the popular OpenSSL encryption software that is being used on about two thirds of all secure web sites. The bug is now commonly referred to as Heartbleed. It allows stealing the information normally protected by the SSL/TLS encryption used to secure the internet. Most significantly the breach compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.

Source: Wikimedia Commons
Source: Wikimedia Commons

Pidoco’s counter measures

Pidoco has immediately reacted to the discovery of the security issue and fixed the problem. We updated our servers to a new and secure OpenSSL version on Tuesday, April 8, 2014 at 11:58 AM UTC and have replaced our existing SSL certificates with new and secure ones since.

In addition, although our internal audit produced no evidence of the Pidoco systems having been compromised, all active user sessions were terminated to minimize potential exposure.

We have also taken measures to directly inform all users who might have been affected. To find out if you have been affected, please check your email.

 

Who has been affected?

Since Pidoco had only just begun using the breached OpenSSL version on March 2, 2014, only Pidoco users who logged on to their Pidoco accounts between March 2, 2014 and April 11, 2014  may have been directly affected by the breach. To those users we strongly recommend following the instructions below. Since Pidoco follows best practices in using forward security only this time frame is relevant to the breach.

In case you did not log on to your account in the period stated above but use your Pidoco password for other web services as well, we also recommend to follow the instructions below, as your login data may have been compromised using another online service (e.g. online mail providers, social media platforms, etc.). You can check which websites are (still) using the breached version of OpenSSL here.

All our other users are not directly affected by the breach pertaining to their use of Pidoco services. For peace of mind you may still want to follow the instructions below.

 

Recommendations for affected users:

Change password

1. Log on to your Pidoco account and click on “My Account” in the upper right corner

How to navigate to "My Account"

2. Go to “My Profile”, type in your current password and your new password in the input fields provided, and click on save.

 

How to change your password

3. A message will appear confirming the change

If you use your Pidoco password for other web services, too, and have logged on to your Pidoco account between March 2, 2014 and April 11, 2014, we advise you to change the password for these services as well.

 

Our dedication to your data security

We are dedicated to keeping your data secure and safe. Please be ensured that we are taking appropriate measures towards this end. If you have any questions on the topics discussed in this blog post or on data security at Pidoco in general, please don’t hesitate to contact us via email (support@pidoco.com) or phone (+49 30 4881 6385). We will be happy to answer your questions.

Looking back: Pidoco at CeBIT 2014

Each March Hannover turns into a digital hotspot as CeBIT, the world’s largest IT trade fair, takes place. At this year’s CeBIT, once again, Pidoco was present with its own booth introducing its latest product version that makes prototyping even more powerful.

Blog_CeBIT2014_Booth

Pidoco’s booth at CeBIT 2014

With its new focus on “business only”, this year’s CeBIT was organized around a new concept that seemed to be well perceived. Of the 210.000 CeBIT visitors a delightfully large number found their way to our booth where they could gather information on Pidoco, enjoy a live product presentation and personally perform hands-on tests of the Pidoco Usability Suite. A particular highlight was the possibility to pretrial new features that will be part of the new product version enhancing the tool especially in regards to mobile features and simulation capabilities.

For me and the rest of our team it was a great opportunity to network with existing customers, enjoy conversations with interested visitors from more than 100 countries and receive feedback on our product and the new features to come.

The few short breaks were a great opportunity to explore the fair and its main themes big data, data security and cloud computing. Things like dancing robots, waterproof displays and other cool gimmicks caught the eye, but it was especially interesting to find out what the more than 300 startups present at CeBIT this year had to offer.

CeBIT Run

CeBIT Run passing Pidoco’s booth

We also enjoyed hearing about data security and how IT will affect our society directly from our Federal Chancellor Angela Merkel and British Prime Minister David Cameron as well as cheering for the participants of the CeBIT-Run who directly passed our booth.

We’d like to thank all those who visited us at our booth as well as the team for a great event and are looking forward to next year’s CeBIT.