At Wonda, employee accounts are managed by an admin who is the most senior person that is responsible for using the service.
Upon joining the company, a Google Apps for Business email account is created for the new employee by an admin. Then all other accounts are created using this email address.
When an employee leaves the company, their access to their Google Apps account is revoked then their accounts in other services is revoked by admins. This includes their access to any developer accounts and any access to our information systems.
When an admin leaves the company, a new admin is assigned to the service then the account of the leaving employee is revoked.
Information systems access control policy
At Wonda, we don’t operate our own data center but create our infrastructure and information systems at providers such as Amazon Web Services. These providers offer industry established mechanisms for access control including:
Admin account support to manage other user accounts
API or Access Keys that can be revoked when they are no longer needed.
Also, as mentioned in the accounts management paragraph, when an employee no longer needed access, or when they leave the company, their access is revoked.
Password management program
We use Dashlane to securely manage our passwords.
Dashlane is an enterprise-level password manager that enables employees to:
Generate unique strong passwords for each site or service
Easily use these passwords when required in order to reduce the friction to adopt strong passwords (dedicated mobile apps, auto-login and auto-fill features, …)
Separate personal and work accounts and passwords
Dashlane also offers a range of features that improve the security at the company level:
Remote deprovisioning of employees accounts when they leave the company.
Sharing passwords securely between team members with the possibility to revoke them.
Monitor the team security score with tips on how to improve it.
Operations Security Overview
The infrastructure used by Wonda is hosted on Google Cloud (Gcloud) where we only use managed services such as DynamoDB, API Gateway, Lambda Functions and Elastic Video Transcoder. Since these services are managed by Google Cloud, they fully benefit from the security they apply to their data center as documented in the document Google Cloud Security Terms.
What kind of privacy and security policy do you provide for my projects?
Upload and Download are done with the https protocol on the port 80. We use Google Cloud to host your content. Our servers generate a temporary unique signed url that is used to securely upload files to Google Cloud.
Content synced with your solution is similar to unlisted content on Youtube. So If you don't share the deep link or QR code of your project nobody else than you will have access to it. Note that we don't share your project with any other third party solution.