Security

Need to report a bug or a security vulnerability?

If you find a security vulnerability, please send an e-mail to support@taiga.io detailing your findings. The Dev team will address the problem, update the stable branch of the repositories in GitHub and update our servers. If you have your own instance and report a vulnerability, you will be able to quickly upgrade to the new stable version.

If you find a bug related to your data or your account in Taiga, please send us a mail to support@taiga.io and we will resolve it as soon as possible.

To report any other bugs, you can use the GitHub repositories of Taiga, where you can also send requests for enhancements. Please do not use Twitter or GitHub for support questions or questions related to the use of the application.

Datacenter Security

Taiga's infrastructure is an Infrastructure as a Service (IaaS). It's hosted and managed by AITIRE CLOUD in Digitalrealty's INTERXION MAD3 datacenter in Madrid, Spain. AITIRE CLOUD maintains the configuration of its infrastructure devices, guest operating systems, databases and services, and we manage and configure the applications.

This infrastructure is composed of the hardware, software, networking, and facilities that run AITIRE CLOUD.

• AITIRE CLOUD has certification for compliance with:
  • ISO/IEC 27001:2013 - Information security management systems — Requirements.
  • Esquema Nacional de Seguridad (ENS).
• INTERXION MAD3 datacenter has certification for compliance with:
  • PCI-DSS
  • ISO 9001
  • ISO 14001
  • ISO 20001
  • ISO 22301
  • ISO 27001
  • ISO 50001
  • ENS
  • SOC1
  • SOC2
• INTERXION MAD3 also counts with security measures such as 24×7 on-site security personnel, CCTV and biometric/photo badge access.
• AITIRE CLOUD is committed to important EU privacy, portability, and digital sovereignty programmes -- including APECDATA

Data Security

Systems access are always encrypted and restricted, according to principle of least privilege

• Systems are designed to prevent remote access by INTERXION personnel to customer data for any purpose, including service maintenance
• All data exchanged with tree.taiga.io is always transmitted over SSL
• Data are saved on an off-site backup, in an object storage system, and we encrypt data in transit via SSL-encrypted endpoints

Employee access

No team member of TAIGA CLOUD SERVICES S.L., KALEIDOS INC SUCURSAL EN ESPAÑA S.L. or third parties hired by TAIGA CLOUD SERVICES S.L. are authorized to access private project data unless required to do so for support reasons. Support staff may sign in to your account to access settings related to your support issue. When working a support issue, we do our best to respect your privacy as much as possible.

Contact Us

If you have a question, concern, or comment about Taiga security, please contact us: security@taiga.io.