Security & Confidentiality
Wonda avatar
Written by Wonda
Updated over a week ago

Accounts management

At Wonda, employee accounts are managed by an administrator who is the most senior person that is responsible for using the service.

Upon joining the company, a Google Apps for Business email account is created for the new employee by an admin. Then all other accounts are created using this email address.

When an employee leaves the company, their access to their Google Apps account is revoked then their accounts in other services is revoked by admins. This includes their access to any developer accounts and any access to our information systems.

When an admin leaves the company, a new admin is assigned to the service then the account of the leaving employee is revoked.

Information systems access control policy

At Wonda, we don’t operate our own data center but create our infrastructure and information systems at providers such as Google Cloud. These providers offer industry established mechanisms for access control including:

  • Admin account support to manage other user accounts

  • API or Access Keys that can be revoked when they are no longer needed.

Also, as mentioned in the accounts management paragraph, when an employee no longer needed access, or when they leave the company, their access is revoked.

Password management program

We use Dashlane to securely manage our passwords.

Dashlane is an enterprise-level password manager that enables employees to:

  • Generate unique strong passwords for each site or service

  • Easily use these passwords when required in order to reduce the friction to adopt strong passwords (dedicated mobile apps, auto-login and auto-fill features, …)

  • Separate personal and work accounts and passwords

Dashlane also offers a range of features that improve the security at the company level:

  • Remote deprovisioning of employees accounts when they leave the company.

  • Sharing passwords securely between team members with the possibility to revoke them.

  • Monitor the team security score with tips on how to improve it.

Operations Security Overview

The infrastructure used by Wonda is hosted on Google Cloud (Gcloud) where we only use managed services such as DynamoDB, API Gateway, Lambda Functions and Elastic Video Transcoder. Since these services are managed by Google Cloud, they fully benefit from the security they apply to their data center as documented in the document Google Cloud Security Terms.

What kind of privacy and security policy do you provide for my projects?

Upload and Download are done with the https protocol on the port 80. We use Google Cloud to host your media and experiences. Our servers generate a temporary unique signed url that is used to securely upload files to Google Cloud.

Any experience created with Wonda can be shared similarly as an unlisted content on Youtube. So If you don't share the deep link or QR code of your project nobody else than you will have access to it.

Besides, you can share your experience created with Wonda so that only people with the link who are a member of your organisation can join, either via SSO, via LTI or by being personaly invited by email to join your collaborative space within Wonda.

Did this answer your question?