
FAQs

Question

Answer

Additional Info

1

What operating systems does Circularo utilize?

As per our internal guidelines, we utilize the latest LTS version of the Debian operating system. For on-premise deployments, clients have the flexibility to use their preferred Linux-based operating system (e.g. Ubuntu).

https://www.debian.org/doc/

2

What databases are employed within the Circularo system?

The Circularo application utilizes Elasticsearch for all its database requirements. Elasticsearch offers robust indexing and search capabilities, ensuring efficient and reliable data storage and retrieval essential for Circularo's functionalities.

For temporary data caching, Redis is employed, further enhancing the performance and responsiveness of the application.

Notably, Circularo does not utilize SQL databases, relying instead on NoSQL technologies. As a result, any risks associated with SQL databases, such as SQL injection attacks, are not applicable to our system.

https://www.elastic.co/elasticsearch

3

What web server software does Circularo use?

 

Web server software utilized by Circularo includes nginx for its front-end, and Caddy for edge servers.

https://nginx.org/en/

https://caddyserver.com/

 

4

What programming or scripting languages are used in Circularo?

The main programming and scripting languages we use include JavaScript, Java, Bash, and Go.

For the frontend of our application we utilize the Angular framework, while the backend runs on Node.js. Other additional languages are used for internal services, components, and support scripts.

https://developer.mozilla.org/en-US/docs/Web/JavaScript

https://docs.oracle.com/en/java/index.html

https://www.gnu.org/software/bash/manual/bash.html

https://go.dev/doc/

https://v17.angular.io/docs

https://nodejs.org/docs/latest/api/

5

What are the licensing options for Circularo?

We offer both user-based and transaction-based licensing options for Circularo. For more detailed information, please refer to our licensing FAQs available on our website. These FAQs outline the specifics of each licensing plan, helping you choose the option that best suits your needs and requirements.

https://terms.circularo.com/terms/latest/circularo-sales-and-licensing-faqs

6

Where are the Circularo application servers located (e.g., on-premises, cloud, remote)?

Circularo supports two types of deployment: Cloud (SaaS for plans up to enterprise) and on-premise (self-hosted ultimate plans) deployments. Our SaaS services are hosted in Microsoft Azure datacenters in Dubai and Europe, with an additional deployment in the Amazon cloud in KSA. On-premise solutions allow for deployment on the client’s own infrastructure.

 

7

Where does the Circularo cloud data reside?

For UAE:

The Circularo cloud data resides in a Microsoft Azure datacenter located in Dubai, UAE. All data is stored exclusively within this datacenter, ensuring that no data leaves the UAE. This guarantees compliance with regional data protection regulations and provides added security for our users.

For KSA:

The Circularo cloud data resides in an Oracle Cloud Infrastructure (OCI) datacenter located in Saudi Arabia (KSA). All data is stored exclusively within this datacenter, ensuring that no data leaves the KSA. This guarantees compliance with regional data protection regulations and provides added security for our users.

For Europe:

The Circularo cloud data resides in a Microsoft Azure datacenter located in the EU. All data is stored exclusively within this datacenter, ensuring that no data leaves the EU. Circularo is fully GDPR compliant, meaning that it adheres to the strict data protection and privacy regulations set by the General Data Protection Regulation, ensuring your data is handled with the highest level of security and care.

 

8

Is Circularo an external-facing or internal application?

Circularo can be used both internally and externally. By default, both options are available in the system. However, with additional configuration, external sharing can be completely disabled, allowing the application to be purely for internal use.

 

9

Confirm whether the application server is in the DMZ and the database server is internal.

For internet-facing deployments, the application server is placed in a DMZ, and the database server is kept internal. Servers exposed to end-users are located in a different subnet, with only the necessary ports and services exposed for public access.

 

10

Are there any internal or external interfaces connected to the Circularo system?

The system is equipped with multiple internal and external interfaces. The REST API provides robust programmatic access, SAML supports single sign-on (SSO), OAuth ensures secure authorization processes, a comprehensive UI serves end-users, and Webhooks enable real-time data exchange and integrations.

https://developers.circularo.com/developers/latest/

11

What are the password policies for different accounts in Circularo (e.g., length, expiry, history, complexity)?

Password Complexity Policy:

Circularo enforces a stringent password complexity policy. To ensure security, all passwords must include a combination of lowercase and uppercase letters, numbers, and special symbols, with a minimum length of 8 characters. It is recommended to avoid using dictionary words to maintain higher password complexity.

Password Security Mechanisms:

Password Length: Circularo mandates a minimum password length of 8 characters. This requirement is fixed and cannot be altered.

Password Expiry: By default, passwords do not expire. However, administrators can enforce a password expiry policy based on their preferred time period.

Maximum Failed Authentication Attempts: The system locks users out after 5 failed authentication attempts by default. Administrators have the flexibility to adjust this limit.

Account Lockout Time: Following 5 failed authentication attempts (default), users are locked out for 300 seconds. Administrators can modify this lockout duration.

Session Timeout: The default session timeout is set to 1 month of inactivity, after which users are automatically logged out. Administrators can customize this timeout period as needed.

https://help.circularo.com/help-center/latest/organization-settings#id-(v23)OrganizationSettings-Enablepasswordexpiration
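The complexity and lockout rules described in this answer, sketched as a standalone Node.js module. This is an added example, not Circularo's code: the function, class, option and event names are assumptions, and only the default values (8 characters, 5 attempts, 300 seconds) come from the answer above.

```javascript
'use strict';

// Defaults from the FAQ answer; option and event names are assumptions.
const DEFAULTS = Object.freeze({
  minLength: 8,          // fixed minimum length
  maxFailedAttempts: 5,  // administrator-adjustable
  lockoutSeconds: 300,   // administrator-adjustable
});

// Returns the complexity rules a candidate password fails (empty = accepted).
function passwordPolicyViolations(password, minLength = DEFAULTS.minLength) {
  const violations = [];
  // Count code points so that one emoji is not counted as two characters.
  if ([...password].length < minLength) violations.push('min_length');
  if (!/\p{Ll}/u.test(password)) violations.push('lowercase');
  if (!/\p{Lu}/u.test(password)) violations.push('uppercase');
  if (!/\p{Nd}/u.test(password)) violations.push('digit');
  if (!/[^\p{L}\p{N}\s]/u.test(password)) violations.push('symbol');
  return violations;
}

class LockoutTracker {
  constructor(options = {}) {
    const { maxFailedAttempts, lockoutSeconds } = { ...DEFAULTS, ...options };
    this.maxFailedAttempts = maxFailedAttempts;
    this.lockoutMs = lockoutSeconds * 1000;
    // In a multi-node deployment this state would have to live in a shared
    // store; a Map keeps the example self-contained.
    this.state = new Map(); // normalized user ID -> { failures, lockedUntil }
  }

  // E-mail addresses are the user ID, so "A@x.com" and "a@x.com" must share
  // one counter; otherwise changing the case resets the attempt count.
  static key(userId) {
    return String(userId).trim().toLowerCase();
  }

  isLocked(userId, now = Date.now()) {
    const entry = this.state.get(LockoutTracker.key(userId));
    return Boolean(entry && entry.lockedUntil > now);
  }

  // Records one login attempt and returns the audit event to write.
  // While the account is locked, even a correct password is rejected.
  record(userId, success, now = Date.now()) {
    const id = LockoutTracker.key(userId);
    if (this.isLocked(id, now)) {
      return { userId: id, event: 'login_rejected_locked', at: now };
    }
    if (success) {
      this.state.delete(id); // a successful login clears the counter
      return { userId: id, event: 'login_success', at: now };
    }
    const entry = this.state.get(id) || { failures: 0, lockedUntil: 0 };
    if (entry.lockedUntil !== 0 && entry.lockedUntil <= now) {
      // The previous lockout has expired: start counting from zero again.
      entry.failures = 0;
      entry.lockedUntil = 0;
    }
    entry.failures += 1;
    if (entry.failures >= this.maxFailedAttempts) {
      entry.lockedUntil = now + this.lockoutMs;
    }
    this.state.set(id, entry);
    return {
      userId: id,
      event: entry.lockedUntil ? 'login_failed_locked' : 'login_failed',
      failures: entry.failures,
      at: now,
    };
  }
}

// Constructed demo: six wrong passwords in a row for one (made-up) account.
if (typeof require !== 'undefined' && require.main === module) {
  const tracker = new LockoutTracker();
  const t0 = Date.now();
  for (let i = 0; i < 6; i += 1) {
    console.log(tracker.record('Alice@Example.com', false, t0 + i * 1000));
  }
}
```

The returned events are what an audit log would record for each attempt, including those rejected because the account is locked.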

12

How does Circularo ensure that all user passwords are stored securely within the system?

Circularo ensures the security of user passwords by never storing them in plaintext. Instead, all passwords are hashed using BCrypt, and only the resulting hash is stored. Additionally, all sensitive user information is automatically masked in the application logs. This guarantees that no user passwords can be accessed by unauthorized individuals or even by the Circularo team at any time.

 

13

How does Circularo ensure that all data is sent to the application server securely?

Circularo employs dedicated SSL certificates to encrypt all client-server communications, guaranteeing that no data is ever sent in an unencrypted format.

 

14

Does Circularo track unsuccessful login attempts?

Every login attempt, successful or otherwise, is recorded in the application’s audit logs. Circularo administrators can access all logs, while non-admin users have the ability to view audit logs for their own accounts.

https://help.circularo.com/help-center/latest/audit-logs

15

What logging mechanisms are enabled on all Circularo systems (e.g., fault logging, audit logs, operator logs, firewall logs, administrator logs)?

Both on-premise and cloud solutions provide full exportable audit logs for all actions performed in the system.

Additionally, on-premise solutions have logging enabled for all services included in the Circularo installation. These logs can be accessed directly from the application servers or redirected to a log management system for further processing.

https://help.circularo.com/help-center/latest/audit-logs

16

What is the log retention policy for Circularo?

 

For cloud solutions, it is not possible for Circularo to grant access to the application logs due to the shared nature of the system. Audit logs, which are accessible to system admins, are stored indefinitely.

For on-premise solutions, application log retention is fully in the hands of the client as the infrastructure is managed by them. Audit logs are stored inside the application for an indefinite period.

 

17

How is Circularo hardware utilization being monitored?

For cloud services, we continually monitor the hardware utilization parameters with detailed metrics and alerts to ensure optimal performance and reliability.

For on-premise infrastructure, our support team conducts quarterly health checks. These checks provide both our team and the client with current information on the functionality and utilization of the Circularo installation. If any issues are identified during these checks, our team offers recommendations and action plans for timely mitigation. This proactive approach helps keep your Circularo system running smoothly and efficiently.

 

18

Is it possible to utilize any anti-malware solution for Circularo documents?

In our cloud solutions, it is not possible to modify the operating system due to resource sharing with other entities.

For on-premise solutions, while Circularo is designed with robust security measures, our team is open to discussing the installation of additional anti-malware software if desired. We understand your security needs and are ready to accommodate additional measures where required.

 

19

What is the Circularo backup policy?

According to our internal guidelines, regular database backups for the entire application are performed on our cloud environments. These backups are stored in geo-redundant locations, and each backup is kept for 21 days. System backups, including infrastructure components like hardware, OS, and network, are managed by the datacenter service provider (MS Azure).

For on-premise deployments, clients typically handle maintenance of the infrastructure themselves. Nevertheless, our team is willing to provide assistance with these backups upon request.

For both deployment options, Circularo also employs custom scripts to execute full backups before implementing any significant changes. Additionally, our internal tools are equipped with automatic backup functionality, guaranteeing that backups are generated automatically before any potentially disruptive alterations are made.

 

20

Are Circularo backups encrypted in any way?

For cloud backups, all data is stored in encrypted form using AES-256 encryption at-rest.

For on-premise solutions, backup encryption is not provided by default and is left to the capabilities of the client’s infrastructure. We recommend that clients use their infrastructure’s encryption capabilities to ensure the security of their sensitive data.

https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf

21

Are there any alert mechanisms to inform technical personnel in case of backup failures?

For the cloud solution, backups are performed every hour, and the freshness of these backups is continuously monitored. If any backup is older than 90 minutes, an alert is triggered and sent to the monitoring team to inform them of the issue.

For on-premise solutions, this configuration is left up to the client as the infrastructure is managed by them. The Circularo team is ready to assist the client's technical team with this.

 

22

Is there any redundancy for system backups?

For the cloud solution, backups are stored in geo-redundant storage with point-in-time restore capability, ensuring that backups are not only highly available but also can be restored to specific points in time.

For on-premise solutions, this configuration is left up to the client as the infrastructure is managed by them. The Circularo team is ready to assist the client's technical team with this.

 

23

How are production, test, and development environments segregated?

 

In our cloud deployments, we employ multiple separate environments—such as development (dev), testing (test), and production (prod). Each of these environments is deployed on separate physical hardware to eliminate any possibility of interference between them. This segregation ensures the integrity and stability of each environment.

For on-premise installations, we typically deploy at least test and production environments. However, the specific nature and number of deployments are determined by the client's requirements and preferences. We work closely with clients to tailor the deployment to meet their unique needs and ensure optimal performance and reliability.

 

24

Does Circularo have any deployment documentation available?

As part of the standard Circularo on-premise system deployment, comprehensive deployment documentation is provided prior to the deployment itself. This documentation covers both hardware (HW) and software (SW) aspects of the deployment, ensuring a thorough description of the planned deployment.

25

What are the remote access preferences/requirements by Circularo?

For on-premise solutions, direct SSH access to the application servers is strongly preferred by the Circularo team as it enables maximum flexibility for all installation and maintenance related activities. Having indirect access using a bastion host or connecting through monitored SSH sessions is acceptable.

Access using tools such as shared screen over Microsoft Teams, or Cisco WebEx is unacceptable.

Aside from the above, there are no other specific on-premise remote access requirements from Circularo’s side.

For cloud solutions, all internal systems are accessible exclusively through a company VPN. Each personnel member has their own unique account for access to ensure secure and controlled remote access to the system.

 

26

Does Circularo have any HW and SW requirement documentation available?

For each on-premise deployment, we provide the client with a Hardware (HW) Requirements document outlining all the prerequisites necessary for a successful installation. This document comprehensively details the hardware specifications and configurations needed to support the Circularo system effectively.

Infrastructure recommendations and requirements (Kubernetes).pdf

27

What are the SDLC and SSDLC followed by Circularo?

The Circularo team adheres to our own Software Development Life Cycle (SDLC) and Secure Software Development Life Cycle (SSDLC) processes.

28

Does Circularo follow any established change management process?

Deploying any kind of changes on the client's environment is always discussed with the client prior to the deployment itself. We prioritize open communication and collaboration to ensure that clients are informed and involved in the deployment process. If the client has a specific change management process in place, our team is fully open to following this process.

 

29

How are the new Circularo releases tested?

Each new version of Circularo undergoes thorough internal testing before deployment. For on-premise instances, clients receive the new version for testing on their User Acceptance Testing (UAT) environments first. This allows clients to conduct their own testing and validation of the new version before upgrading the production application.

 

30

What are the roll back and roll out plans when upgrading Circularo to the latest version?

As per our internal guidelines, we ensure stability of our deployments by creating backups for potential rollback purposes before deploying the new version of our application on both cloud and on-premise deployments. This precautionary measure ensures that we have a contingency plan in place in case any issues arise during the deployment process.

Furthermore, for on-premise rollouts of new Circularo versions, we always engage in discussions with the client first, seeking their approval before proceeding with any actions. Clients are always fully informed and involved in the decision-making process when it comes to Circularo upgrades.

In the case of cloud solutions, we provide our clients with advance notice of upcoming upgrades. This allows them to prepare for the upgrade and make all necessary adjustments to their configurations.

 

31

How does Circularo protect its data at rest and in transit?

All data at rest is encrypted with AES-256 encryption. Data in transit is always secured with a TLS layer, ensuring that all information is protected both when stored and when being transmitted.

https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197-upd1.pdf

32

How are the SSL certificates for Circularo managed?

For cloud environments, we utilize ZeroSSL for automatic SSL certificate provisioning and maintenance. This ensures that all cloud deployments are HTTPS encrypted, providing secure communication and data protection.

For on-premise deployments, applying an SSL certificate is a standard practice during Circularo deployment. The certificate can be issued either by the client or by us, depending on the client's preference.

 

33

What are the authentication methods utilized in Circularo?

The default authentication method in Circularo is a username/password challenge. Users are required to set up a password with the required level of complexity upon activating their account. After this, they can use their email ID and password to log into the system.

Another authentication method available in Circularo by default is OAuth 2.0 SSO. This method allows users to log into Circularo using one of the supported OAuth providers (such as Microsoft, Google, etc.) with which the user has an account. When using this method, the authentication is delegated to the OAuth service provider.

In addition to the above, Circularo offers SAML 2.0 Single Sign-On (SSO) as a separate add-on feature, available for all Circularo deployment types. SAML 2.0 SSO enhances security and user convenience by allowing seamless authentication across multiple applications.

Finally, LDAP (Lightweight Directory Access Protocol) is also supported, but only for select on-premise deployments. This configuration has its own limitations - if interested, please request this documentation.

34

Does Circularo support role-based access control?

Circularo fully supports role-based access control through its built-in user and group/team management features in the admin interface. For more details, you can check our help section or reach out to the Circularo team.

https://help.circularo.com/help-center/latest/teams

 

35

How are Circularo users identified on the application level?

By default, Circularo uses the user’s email address as their unique user ID, because an email is required to create an account. This makes sure that all user IDs are both unique and easy to remember.

However, if preferred by the client, it is also possible to use a unique username instead.

 

36

Does Circularo have any service accounts within the client’s system?

Our team typically prefers to keep at least one service account with a generic user ID (such as "admin") active in the system for administrative purposes. However, if it is required to delete this and other generic IDs from the system, our team is fully prepared to perform this action.

 

37

Can regular users access the Circularo administration?

By design, regular users in Circularo have zero access to administrative utilities. This access must be granted either by the Circularo team or by one of the other system administrators. This approach ensures that only authorized personnel can perform administrative tasks.

 

38

Is it possible to use a VPN solution for all remote login connections?

Access to cloud deployments cannot be restricted behind a VPN because the shared infrastructure needs to be open for other clients.

For on-premise deployments, VPN restrictions can be configured directly by the client since they maintain the infrastructure. Our team has experience with this approach from other deployments and is ready to provide assistance if required.

 

39

Does Circularo utilize SNMP (Simple Network Management Protocol) on client infrastructure?

SNMP is not required for the on-premise Circularo deployment. Since the infrastructure is managed by the client, we do not require any specific network configurations as long as the minimum infrastructure requirements, as described in our documentation, are met.

40

Is there any sort of penetration testing performed by Circularo or do we need to perform our own testing?

As per our internal guidelines, Circularo undergoes annual penetration tests conducted by a third party. The resulting reports can be shared with clients upon request.

Additionally, if clients conduct their own penetration tests, we welcome their reports. Our team analyzes these findings, and promptly addresses any identified vulnerabilities to ensure maximum system security.

41

Does Circularo have any sort of redundancy or high availability in place?

All Circularo services are running in high-availability mode. Internal application components are deployed into a multi-node cluster with self-healing and rebalancing capabilities to ensure continuous operation and minimal downtime.

Infrastructure-wise, Circularo deployments are configured with at least three k3s nodes in a high-availability mode. This configuration ensures that the system can remain fully operational even if one of these three nodes shuts down completely. This deployment can be scaled according to the client's requirements.

 

42

Does Circularo update all the relevant system documentation / user manuals for the new and updated system functionalities?

Our documentation and help site are updated with each new Circularo version to ensure that our clients always have access to the most relevant and up-to-date information about the system.

https://help.circularo.com/help-center/latest/

43

Does Circularo have redundancy in place for critical network devices?

For cloud deployments, all network devices are managed within the utilized cloud infrastructure, which allows us to delegate this responsibility to the cloud provider.

For on-premise solutions, this is completely in the client’s control as the client’s infrastructure is maintained by their own team.

 

44

Does Circularo utilize any kind of Advanced Threat Protection (ATP)?

Our cloud instances are deployed on Microsoft Azure infrastructure, leveraging Azure’s tools for environmental monitoring. However, Circularo does not provide an additional proprietary monitoring solution.

For on-premise solutions, this is completely in the client’s control as the client’s infrastructure is maintained by their own team.

45

Are all Circularo signatures legally binding?

Is Circularo in compliance with the ESIGN Act?

By implementing a wide variety of features that ensure document authenticity, such as verifying the user's intent to sign, linking each e-signature to the original signatory, and generating detailed audit trails for each signed document, Circularo ensures full compliance with the ESIGN Act, making all signatures performed within the Circularo platform legally binding.

https://www.adobe.com/acrobat/business/resources/esign-act.html#:~:text=The%20ESIGN%20Act%20is%20a,know%20their%20signature%20is%20binding .

46

Is it possible to utilize Customer-managed encryption keys (CMEK) on the Circularo storage?

For cloud deployments, it is not possible to perform any modifications to the infrastructure due to the shared nature of the solution.

As for the on-premise/private cloud solutions, managing their infrastructure is left entirely to the client. This means that establishing CMEK on the storage is technically possible, as the Circularo application can utilize any storage as long as it’s mountable in the Linux operating system.

 

47

Does Circularo utilize any kind of EDR (Endpoint Detection and Response) solution?

For our cloud instances, this responsibility is delegated to our cloud service provider, Microsoft Azure.

For on-premise deployments, the integration of an Endpoint Detection and Response (EDR) solution is entirely the client's responsibility, as they manage the infrastructure. The implementation of an EDR solution does not affect Circularo in any way, allowing clients to choose and implement the EDR solution that best suits their needs.

 

48

Does Circularo utilize any kind of ATP sandboxing solution?

No. User-uploaded files in the cloud are stored in Azure Blob Storage and are protected by the security mechanisms provided by Azure.

In the case of on-premise deployments, it is up to the client to decide whether to scan uploaded files directly on their storage. Circularo does not execute or interpret any uploaded files on the server.

 

49

Does Circularo utilize any DLP (Data Loss Prevention) solution?

For the cloud solution, this is addressed by backups stored in geo-redundant storage with point-in-time restore capability, ensuring that backups are not only highly available but also can be restored to specific points in time.

For on-premise solutions, this configuration is left up to the client as the infrastructure is managed by them. The Circularo team is ready to assist the client's technical team with this.

 

50

Does Circularo utilize any DAM (Data Activity Monitoring) solution?

For data activity monitoring, the application provides a comprehensive and detailed audit log. This log captures and records all significant actions and events, allowing for thorough tracking and analysis of user activities within the application. This ensures transparency and helps in maintaining security and compliance.

https://help.circularo.com/help-center/latest/audit-logs

51

Are there any infrastructure hardening guidelines followed by Circularo?

We always enable only the minimum necessary services. For hardening, we have a hardening guide that we apply to our infrastructure, which is reviewed on a regular basis to ensure it remains up-to-date with the latest security practices.

In the case of on-premise deployments, this process is carried out in collaboration with the client. We still adhere to the principle of enabling only the minimum necessary services and additionally recommend using a DMZ proxy server.

 

52

Does Circularo have MDM (Mobile Device Management) and Data Wiping solutions in place?

For cloud-hosted solutions, the Circularo mobile application is publicly available via the Google Play Store and Apple App Store. As the application is distributed directly through public app stores, MDM support is not provided for cloud-hosted deployments.

For on-premise solutions, Circularo primarily uses a Progressive Web App (PWA) rather than a dedicated native mobile application. The PWA runs within a standard web browser and does not store significant data locally on the device. Any locally stored data is limited, browser-managed, and transient in nature. Consequently, traditional MDM controls or remote data-wiping mechanisms are not required for normal operation of the application.

If an on-premise customer explicitly requests a custom build of the native mobile application, such a build can be distributed via the customer’s own MDM solution. However, it should be noted that the PWA version of Circularo will remain available in parallel, and therefore any restrictions applied solely to the native mobile application will not fully prevent access to the service.

53

Does Circularo have any NAC (Network Access Control) and PAM (Privileged Access Management) solutions in place?

While no dedicated NAC and PAM solutions are utilized by default, in on-premise deployments it is technically possible for the client to utilize solutions of their own choosing. The Circularo team can assist with this if required.

 

54

Does Circularo provide regular patches and updates for the system?

Regular testing and application of all security-related service packs, patches, and hot-fixes to all servers are integral parts of our standard maintenance procedures.

 

55

Does Circularo have an Intrusion Detection Monitoring system implemented?

Yes, we have an Intrusion Detection Monitoring system implemented in our Azure-hosted environment. We use Azure Security Center and Azure Sentinel to provide continuous monitoring, threat detection, and alerting for potential security threats.

For on-premise deployments this is left up to the client as the infrastructure is managed by them directly.

 

56

Can the Circularo team provide a copy of their DPA agreement?

The DPA can be found in our Terms and Conditions - https://terms.circularo.com/terms/latest/data-processing-addendum-dpa

 

57

What architecture does the Circularo solution utilize?

Does Circularo utilize the n-tier architecture?

Describe the Circularo application architecture.

Circularo employs a modern three-tier logical architecture model, consisting of a presentation layer, application layer, and database layer, with additional storage capabilities. The presentation layer is a single-page application (SPA) built with Angular, offering a dynamic and responsive user interface. The application layer, diverging from the traditional Web Application Server model, utilizes Node.js and other backend services to expose functionalities via REST APIs for the presentation layer. The database layer relies on NoSQL data services, specifically Elasticsearch for search capabilities and Redis for high-speed data retrieval and caching. Furthermore, Circularo incorporates a storage layer supporting on-premises NAS/SAN devices and cloud-based storage solutions like S3-compliant devices, Microsoft Azure Blobs, and Amazon S3. This architecture ensures a robust, scalable, and flexible system, delivering a high-performing and adaptable application suitable for various environments.

 

58

What is Circularo’s Cloud Security Posture (CSP) and SaaS Security Posture?

Circularo is a SaaS solution hosted locally in Microsoft Azure; our security and compliance posture leverages Azure's robust infrastructure and comprehensive security features. This includes adherence to globally recognized standards and best practices for data protection, access control, and continuous security monitoring, ensuring that our solutions remain secure and compliant within the Azure environment. Azure's built-in security capabilities and compliance certifications further enhance our ability to meet stringent security requirements.

Cloud Security Posture (CSP):

  • Infrastructure: Our solution leverages Microsoft Azure's robust cloud infrastructure, which adheres to numerous compliance standards such as ISO/IEC 27001, ISO/IEC 2717, eIDAS, SOC 2 and GDPR.

  • Data Protection: Azure provides advanced encryption protocols for data at rest and in transit, ensuring data integrity and confidentiality.

  • Access Control: Implementing Azure Active Directory for identity and access management ensures stringent access controls and multi-factor authentication (MFA).

SaaS Security Posture:

  • Application Security: Our SaaS applications undergo regular security assessments and penetration testing to identify and mitigate vulnerabilities.

  • Data Privacy: Adherence to GDPR ensures customer data privacy and regulatory compliance.

 

59

What information is being stored in Circularo?

The information stored by Circularo includes:

User Information:

  • The minimal details required for Circularo users are their email and name. Passwords are optional if you authenticate using OAuth. Otherwise, passwords are hashed and encrypted and thus cannot be viewed in plaintext.

  • Additional info like profile pictures, job titles, phone numbers, etc. can be added to the user accounts in the system. However, this information is not required in order to use the Circularo application.

Document Information:

  • The document file must be uploaded to our server so that we can digitally sign it.

  • A complete history of the document is generated and stored in Circularo. This history allows us to generate complete audit trails required for validation purposes. It includes dates, usernames and action descriptions.

  • Information for each signature in Circularo is stored on our servers. This information is also required for validation purposes.

  • Documents in Circularo can have additional optional metadata added to them, such as labels, expiration dates, attachments and more. This information is purely optional.

Audit Logs:

  • Circularo records all actions happening in the system in the audit logs. These logs contain detailed information about every action performed by users in your organization. These logs are used for audits and for support purposes.

Others:

  • Other information stored in Circularo includes comments, contacts and individual users' preferences.

 

 

60

Does Circularo have access to client data?

Circularo does not have access to any sensitive client data. Passwords and other user secrets are hashed and cannot at any point be viewed in plaintext, ensuring maximum account security. As for documents, by default, Circularo documents are accessible only to their owner. For other users to access these documents, the owner must explicitly share them. This robust system ensures that client data remains private and secure, under the client's control at all times.

 

61

Please share your DR/BCP process documentation.

Please request this documentation if necessary.

62

What is the required connectivity for Circularo databases?

The Elasticsearch service itself needs to be accessible to other services within the cluster. This connectivity is primarily internal. In the case of Circularo, Elasticsearch is configured to store only application and document metadata, while the actual binary content is stored separately in a dedicated storage system. This binary storage can be virtually any storage solution that can be mounted on a Linux operating system. DC is using CIFS to mount storage from another server.

 

63

How is the data stored in Circularo accessed?

Documents and metadata are stored, modified, and retrieved through REST API requests to our back-end component. The Elasticsearch instance itself is not available outside of the cluster.

 

64

Is Circularo PCI DSS (Payment Card Industry Data Security Standard) compliant?

Circularo (the application) does not process or store any credit card information. As such, this point is not applicable.

 

65

Is Circularo GDPR compliant?

Circularo acts both as the data controller and as the data processor. For more details on Circularo’s GDPR compliance status, you can refer to chapter 6 of the Security Pack document (page 35), or to the Security & Compliance section on our website (https://www.circularo.com/security-compliance/).

https://www.circularo.com/security-compliance/

66

How long are documents kept on the server?
What is the Circularo document retention policy?

Your documents will remain in the system for the duration of your Circularo subscription, unless deleted by the document owner. In the event of subscription termination, our standard terms and conditions, as outlined on our website, will apply. You can review them here: https://terms.circularo.com/terms/latest/#id-(2023August)CircularoTerms-15.Term;Termination

 

67

How is our organization’s data kept separate from other organizations’ data?

For cloud deployments, each organization's data is logically separated at the database level, ensuring that no organization can access another’s data.

For on-premise deployments, your data is stored on servers managed and provided by your organization, with full control over access remaining in your hands.

 

68

Where is the data for Circularo stored and managed?

The Circularo application is deployed using k3s, with the Elasticsearch database running in its own dedicated container. Binary data is stored on a separate server. This architecture adheres to best practices, isolating the database from the application to enhance security, scalability, and performance.

 

69

For cloud based deployment, please provide all the relevant security certifications of the hosting cloud (SSAE 18 / SOC 1/ SOC2/ SOC 3 / AICPA etc.).

Our solution is hosted in Microsoft Azure, which complies with several industry-leading security standards, including:

  • SSAE 18

  • SOC 1, SOC 2, and SOC 3

  • ISO/IEC 27001

  • AICPA

  • FedRAMP

Azure’s compliance with these certifications ensures that the infrastructure supporting our solution meets rigorous security and compliance requirements. You can find the detailed compliance reports and certifications on the Microsoft Trust Center.

 

70

Does Circularo perform background checks for all new staff?

Yes, we conduct background checks for all staff members as part of our hiring process. This ensures that only trusted and qualified personnel have access to sensitive information and systems.

 

71

What signature formats and profiles are supported by Circularo?

Circularo supports ETSI EN 319 142 PDF Advanced Electronic Signature Profiles (PAdES), including Long-Term Validation (LTV) and Time Stamping Authority (TSA) support. Both personal and company certificates are supported. By default, Circularo uses its general certificate for signing.

 

72

What happens if changes are made to a document signed in Circularo?

Documents signed in Circularo are digitally sealed, meaning any changes made to the document after signing will break this seal. If the seal is broken, it will be visible in any PDF reader that supports digital signatures (e.g., Adobe Reader) or on our verification page.

https://help.circularo.com/help-center/latest/how-can-i-verify-the-validity-of-a-signed-document
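
How a PDF signature makes later changes visible, as an added example (not Circularo's code): the signature dictionary's /ByteRange names the bytes that were hashed at signing time, so a validator recomputes that hash and also checks that the ranges reach the end of the file. The sample bytes, the function names and the stored digest (standing in for the digest carried inside the signed CMS structure) are constructed assumptions; certificate and signature validation are left out.

```python
import hashlib
import re

BYTE_RANGE = re.compile(rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")

def make_sample(body: bytes) -> bytes:
    """Constructed stand-in for a signed PDF (not a valid PDF file)."""
    prefix = b"%PDF-1.7\n" + body + b"\n<< /Type /Sig /ByteRange ["
    suffix = b"] /Contents "
    hole = b"<" + b"00" * 16 + b">"  # where the hex-encoded CMS signature would sit
    tail = b" >>\n%%EOF\n"
    first_len = len(prefix) + len(b"0 000000 000000 000000") + len(suffix)
    rng = b"0 %06d %06d %06d" % (first_len, first_len + len(hole), len(tail))
    return prefix + rng + suffix + hole + tail

def signed_digest(pdf: bytes):
    """Return (SHA-256 over the two signed ranges, True if they reach end of file)."""
    m = BYTE_RANGE.search(pdf)
    if m is None:
        raise ValueError("no /ByteRange: no signature dictionary found")
    off1, len1, off2, len2 = (int(g) for g in m.groups())
    if off1 != 0 or off1 + len1 > off2 or off2 + len2 > len(pdf):
        raise ValueError("malformed /ByteRange")
    covered = pdf[off1:off1 + len1] + pdf[off2:off2 + len2]
    return hashlib.sha256(covered).digest(), off2 + len2 == len(pdf)

def seal_status(pdf: bytes, digest_at_signing: bytes) -> str:
    """Classify a file against the digest recorded when it was signed."""
    digest, covers_whole_file = signed_digest(pdf)
    if digest != digest_at_signing:
        return "broken: signed bytes changed"
    if not covers_whole_file:
        return "signed revision intact, but bytes were added after signing"
    return "intact"

ORIGINAL = make_sample(b"Contract total: 1000 EUR")
# Assumption: this value stands in for the messageDigest inside the signed CMS blob.
DIGEST_AT_SIGNING, _ = signed_digest(ORIGINAL)
EDITED = ORIGINAL.replace(b"1000 EUR", b"9000 EUR")                    # in-place edit
APPENDED = ORIGINAL + b"2 0 obj << /Note (added later) >>\n%%EOF\n"    # added after signing

if __name__ == "__main__":
    for name, pdf in (("original", ORIGINAL), ("edited", EDITED), ("appended", APPENDED)):
        print(name, "->", seal_status(pdf, DIGEST_AT_SIGNING))
```

The appended case is why the end-of-file check matters: the signed bytes still hash to the same value, so the digest comparison alone would not report the addition.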
