FuseOffice — Security & Data Protection

Intro:

FuseOffice treats security and data protection as a top priority. This page explains the technical, physical and organisational measures we operate to protect customer data. If you have a security concern, please follow the responsible disclosure process below.
 

Data isolation

Each customer’s data is logically separated. We use tenant isolation at the application and database level to prevent cross-tenant access. Access to your data is limited to the minimal set of services and personnel required to operate and support the platform.
 

Access control & authentication

  • Role-based access controls (RBAC) restrict privileges by role and job function.
  • User passwords are hashed and salted using industry-standard algorithms; passwords cannot be retrieved, only reset.
  • Multi-factor authentication (MFA) is supported for administrative and privileged accounts.
  • All administrative actions are logged and monitored.

Encryption & network security

  • Data in transit is protected using TLS 1.2+.
  • Sensitive data at rest is encrypted using AES-256 or equivalent.
  • Internal server-to-server communications are encrypted.
  • Network protections include firewalls, intrusion detection/monitoring, and DDoS mitigation controls.

Infrastructure & resilience

  • Services are hosted with reputable cloud/data centre providers (trusted regional providers).
  • Backups are taken regularly, encrypted in transit and at rest, and stored in separate geographic locations.
  • Documented recovery objectives (RTO/RPO) and periodic recovery drills are maintained.

Secure development & vulnerability management

  • Secure coding practices and automated security scanning (static and dynamic analysis) are part of our CI/CD pipeline.
  • Scheduled vulnerability scans and periodic third-party penetration tests by accredited testers are carried out.
  • Critical vulnerabilities are triaged and remediated according to our vulnerability-response SLA.

Incident response & notification

  • We maintain an incident response plan. In case of a security incident impacting customer data we will:
    (a) promptly investigate,
    (b) provide initial notification to affected customers, and
    (c) follow up with remediation details and recommended customer actions.
  • Notifications are delivered in accordance with applicable law and the customer agreement.

Privacy & compliance

  • We process personal data only according to our Privacy Policy and customer agreements.
  • We aim to comply with applicable data protection laws and will assist customers with data processing and access requests as required by law.

Responsible disclosure

We welcome responsible disclosure from security researchers. Please email reports to security@fuseoffice.com with a summary, steps to reproduce, impact, and contact details.
Do not exploit, publish, or exfiltrate data. We will acknowledge receipt and engage to validate and remediate.
 

Legal caveat

The descriptions above summarize our security practices and controls as implemented at the time of publication. They are operational statements of practice and are not promises of absolute security. For binding security commitments, please refer to the terms set out in our Master Service Agreement (MSA) or contact our legal team.
 

Contact

  • Legal inquiries: legal@fuseoffice.com
  • Security reports: security@fuseoffice.com
 
