StratoQ Website Security Policy

Last updated Jan 2, 2020

Overview

We know one of the main reasons our customers use StratoQ is to secure their fleet of printers and multi-function devices (MFDs), and we take security as seriously as you do.  You have the expectation that your data and user identities are kept secure, confidential, and available, and we take that very seriously.

If you believe that you’ve found a vulnerability or a flaw in our service’s security or privacy, get in touch with us ASAP at security@stratoq.com.

Service Architecture

StratoQ is a hosted service that connects your fleet of MFDs, printers, and scanners directly to other cloud applications.  It also allows users to submit print jobs from anywhere and release them directly at the touch panel of a device.

Security in the Cloud

Generally, print jobs and documents are not permanently stored on our servers. We take care to make sure that your data and documents are secure as they pass through our services on their way to or from a printer or MFD.  In the case of a StratoQ My Prints queue, we take every precaution possible to safeguard print jobs while they are waiting to be released at an MFP, and we delete them as soon as possible afterwards.  All data and documents are programmatically separated between individual customers.

In the case of My Prints internal print job storage, we take precautions to make sure that users' print jobs are backed-up and encrypted, both at transit and at rest.  We use a multi-regional Amazon S3™ architecture to assure that documents are available with the highest uptime and protection.  Print jobs are reproduced in different physical facilities for disaster recovery reasons, and versioning is also implemented in order to recover data in the case of a loss.  More information is available here and here. 

In the case of a Google Cloud Print ™ virtual queue, the jobs are stored with Google and marked as paused until they are requested by the user at the MFP.

Access to third-party services

In order for users to scan or print from third-party cloud services, they must first grant StratoQ access to those other services.  StratoQ cannot access third-party data unless individual users opt-in or if an administrator explicitly grants systematic access beforehand.

Overall protection of our service

StratoQ uses industry standard specifications and implementations to protect your data whenever possible.  All communications between your device and our servers, as well as communications between our servers and third party servers, use industry standard HTTPS to protect the privacy of your data.  StratoQ tries to minimize the amount of sensitive data we store on our servers (such as security tokens).  When we must store a piece of confidential information, we always store it encrypted and, if possible, we store only the encrypted hash instead of the actual information.

Security at the device or desktop

We work directly with the hardware manufacturer’s SDKs to secure our applications on the touch-panel of the MFD.  Whenever possible, StratoQ is certified by the hardware manufacturer for compatibility and security.

However, there are may be cases where we will make recommendations for system and device admins to even further secure our application, such as safeguarding the admin password for a device.  These recommendations should be followed, as they are often consistent with general information technology best practices, and they can generally be found in our knowledge base.

In order to better protect your information StratoQ may require you to configure your MFP to our recommendations and configure authentication applications, e.g., Drivve | Print to our specifications. We may temporarily suspend or partially suspend service if we believe there is a security breach or licensing violation.

Confidentiality

We take care to ensure your data is secure from malicious attacks, accidental leaks, and unauthorized access.  When you sign up for our services we make the promise not to share your sensitive information - including user info and document data - with your reseller, other customers, or outside parties.  

Sometimes our employees need access to the systems that process and store user data in order to troubleshoot issues and improve the service.  We limit this access by employee, and we do not access this information unless necessary.

Personnel

Employees and contractors are not granted blanket access to internal systems and production data, but are limited based off role and technical needs.   

Compliance

StratoQ's cloud servers are provided by Heroku, which are compliant with the EU-US Privacy Shield and the US-Swiss Safe Harbor frameworks.  See https://www.heroku.com/policy/privacy for more information.

Two-factor Authentication

We recommend that all customer administrators strongly consider requiring Two-factor authentication for admin and user access, both from the desktop and at the MFD.

Encryption Policies

All communications between your devices and our servers as well as communications between our servers and third party servers you authorize us to access, use industry standard HTTPS to protect the privacy of your data.

Availability

We know that your users depend on our services, and we take that responsibility very seriously.  That’s why we’ve built StratoQ to be fault tolerant and highly reliable.  We design our service in such a way that a failure at one location or with one part of the product is as isolated as possible from other parts of our service.

Internal Network Protection

All of StratoQ's servers run inside of protected, secure facilities, and run on secure networks to isolate them from other servers running in the same facility.

Transparency

We want to be up-front and transparent with our customers as possible.  This includes notifying you of routine updates that may affect service, as well as giving full disclosures if we ever find a security breach.

Additionally, we promise to review any governmental request for customer data.  If a request is too broad we will seek to narrow it according to legal precedent.

Changes to our Security Policy

If we decide to change our Security Policy, we will post those changes on this page, and/or update the Security Policy modification date at the top of this page.

Contacting Us

If there are any questions regarding this Security Policy, you may contact us using the information below.

PDXware

2505 SE 11th Ave, Suite 354, Portland OR 97202

feedback@stratoq.com