We know one of the main reasons our customers use StratoQ is to secure their fleet of printers and multi-function devices (MFDs), and we take security as seriously as you do. You have the expectation that your data and user identities are kept secure, confidential, and available, and we take that very seriously.
If you believe that you’ve found a vulnerability or a flaw in our service’s security or privacy, get in touch with us ASAP at email@example.com.
StratoQ is a hosted service that connects your fleet of MFDs, printers, and scanners directly to other cloud applications. It also allows users to submit print jobs from anywhere and release them directly at the touch panel of a device.
Security in the Cloud
Although print jobs and documents are not permanently stored on our servers, we take care to make sure that your data and documents are secure as they pass through our services on their way to or from a printer or MFD.
Access to third-party services
In order for users to scan or print from third-party cloud services, they must first grant StratoQ access to those other services. StratoQ cannot access third-party data unless individual users opt-in or if an administrator explicitly grants systematic access beforehand.
Overall protection of our service
StratoQ uses industry standard specifications and implementations to protect your data whenever possible. All communications between your device and our servers, as well as communications between our servers and third party servers, use industry standard SSL to protect the privacy of your data. StratoQ tries to minimize the amount of sensitive data we store on our servers (such as security tokens). When we must store a piece of confidential information, we always store it encrypted and, if possible, we store only the encrypted hash instead of the actual information.
Security at the device or desktop
We work directly with hardware manufacturers to secure our applications wherever they are running on the touch-panel of a printer or MFD. Through specialized encryption, API calls to the device to confirm identity, and unique, device-specific configurations, we provide security for your users and their documents. Whenever possible, StratoQ is certified by the hardware manufacturer for compatibility and security.
However, there are many cases where we will make recommendations for system and device admins to even further secure our application, such as safeguarding the admin password for a device. These recommendations should be followed, as they are often consistent with general information technology best practices.
In order to better protect your information StratoQ may require you to add unique information about your hardware, such as serial number or MAC address. This is so we can verify that the correct devices are connecting to our service. We continually monitor our service for questionable requests, and may temporarily step in and stop service if we believe there is a security breach or licensing violation.
We spend a serious amount of time and effort making sure your data is secure from malicious attacks, accidental leaks, and unauthorized access. When you sign up for our services we make the promise not to share your sensitive information - including user info and document data - with your reseller, other customers, or outside parties.
Sometimes PDXware employees need to access the systems that process and store user data in order to troubleshoot issues and improve the service. We limit this access by employee, and we do not access this information unless necessary.
Employees and contractors are not granted blanket access to internal systems and production data, but are limited based off role and seniority. This means that a Tier 1 support agent must be granted access by the customer to view data in order to troubleshoot an issue, but a senior Tier 3 technician may be able to do so immediately in the case of a service emergency or outage.
StratoQ's cloud servers are provided by Heroku, which are compliant with the EU-US Privacy Shield and the US-Swiss Safe Harbor frameworks. See https://www.heroku.com/policy/privacy for more information.
We know that customers use our service to log access and use of their hardware fleet, so we keep records every time our service is accessed.
We recommend that all customer administrators strongly consider requiring MFA for admin and user access, both from the desktop and at the MFD.
Encryption of data on the server: StratoQ uses industry standard OAuth session tokens to access customer data stored on third party servers. The session access tokens are not permanently stored on the StratoQ servers. Some forms of authentication require that StratoQ obtain and store a per user Refresh Token. StratoQ individually salts and encrypts these refresh tokens when it needs to store them on our servers. Typically, third parties provide a mechanism that allows users to revoke a refresh token. For authenticator secrets, StratoQ only stores the encrypted hash, and not the actual secret.
All communications between your devices and our servers as well as communications between our servers and third party servers you authorize us to access, use industry standard SSL to protect the privacy of your data.
We know that your users depend on our services, and we take that responsibility very seriously. That’s why we’ve built StratoQ to be fault tolerant and highly reliable. We test failure scenarios regularly, and we design our service in such a way that a failure at one location or with one part of the product is as isolated as possible from other parts of our service.
Customer data is stored redundantly at multiple locations in our hosting provider’s data centers to ensure availability. We have backup and restoration procedures, which allow recovery from a major disaster. Customer data and our source code are automatically backed up nightly. The operations team is alerted in case of a failure with this system.
Internal Network Protection
All of StratoQ's servers run inside of protected, secure facilities, and run on internal virtual private networks to isolate them from other servers running in the same facility.
Removal of Customer Data
Customer data is kept for purposes of security logging and usage reporting. However, when a customer ends a trial of the product or ends the service commitment, we reserve the right to remove historic customer data at any point.
We want to be up-front and transparent with our customers as possible. This includes notifying you of routine updates that may affect service, as well as giving full disclosures if we ever find a security breach.
Additionally, we promise to review and governmental request for customer data. If a request is too broad we will seek to narrow it according to legal precedent.
Changes to our Security Policy
If we decide to change our Security Policy, we will post those changes on this page, and/or update the Security Policy modification date at the top of this page.
If there are any questions regarding this Security Policy, you may contact us using the information below.
2505 SE 11th Ave, Suite 354, Portland OR 97202
What data do we collect?
General information about your account We will require you to give certain information in order to configure our service, such as company name, domain and time zone. This information helps us track usage and billing with our resellers, and in many cases it is necessary for key features of the application.
Collection of basic information about your end users is necessary to provide reporting services and personal customization of the product. Any user information that is not required for an administrator-required feature or setting will be requested on an opt-in basis. Some sample data points we collect are email address, user name, and customer domain.
Usage statistics and metrics:
StratoQ will record as much relevant information as required when a user accesses our services. We do this in order to safeguard security and to provide accurate, detailed usage reports to customer administrators. Things like IP address, time of access, device of access, document and job metrics, and user behavior may all be recorded.
Information about your documents:
In certain cases we will access the documents users print and scan as they pass through our services. In most cases, this is done only when a feature or setting is activated that requires it. Reasons for this access may include workflow scanning, predictive analysis, or compliance rules. StratoQ will also record metadata about print and scan jobs, although not all of this data will be permanently stored.
Why do we collect this data?
Functionality Much of the data we collect about our customers and users is necessary to provide our feature set in the first place. For instance, StratoQ must request a list of documents from your cloud service in order to display them to you for printing at the MFD (multi-function device).
In order to make sure that our customers are using our service in accordance with their usage contract, we often need to verify user and device information.
To safeguard our service:
Knowing who, what, and where is incredibly important when it comes to guarding our customers’ data. We use this information to keep your data secure and private.
To market our products:
We will never give out specific information about your account or your users unless you explicitly allow us to do so. However, we may use generic metrics about how you use the application, such as average number of users and print volume.
To improve our service:
We’re always working to make your experience secure, fast, and easy-to-use. In order to do this we sometimes need to track how your users interact with the application, both at their computer and at the MFD.
Who will we share this with?
Employees and contractors Our developers, designers, support agents, and sales team sometimes need to access customer data in order to troubleshoot or market the service. This access is logged where possible, and is subject to our Security Policy. Access by Tier 1 support and marketing/sales will only be done with customer permission.
Different users and administrators within your account will have access to data based on their role. These roles can be configured by your account administrator, and can be revoked at any time. We allow you to grant access on an opt-in basis, so by default users may only access their own data unless explicitly given permission otherwise.
We will sometimes use anonymous statistics to market our product, or we may announce the name of a new customer has signed on. Specific information about your account such as user info or usage statistics will not be shared. You can request that we keep your information anonymous by contacting firstname.lastname@example.org.
Law and order
When requests are made by governmental agencies we seek to protect your right to privacy and security. When such requests are made we promise to review and scrutinize the request, and to narrow it as much as possible.
Change of Ownership
If we were to merge with or be acquired by another company, we may share information with them.
How do we protect your information?
We will protect your data and information from malicious and accidental intrusions according to our Security Policy.
Sometimes are stored in order to improve the performance of our application and to aid user functionality and security. These cookies may be used at the desktop browser application as well as on the embedded browser of the MFD. These cookies will never contain sensitive information such as a user password.
2505 SE 11th Ave, Suite 354, Portland OR 97202