ProjoMania

Security & Data Handling

How we protect your data during engagements and what controls are always on.

Where migration data lives

For every migration engagement, client data lives in a temporary, encrypted environment hosted in the region you choose (EU-Central by default for EU clients, US-East by default for US clients, or your own cloud if you prefer). The environment is isolated per client and wiped within 30 days of engagement completion unless a support contract extends it. Backups follow the same retention policy.

Encryption

  • In transit: TLS 1.2+ on every connection. TLS 1.3 preferred and enforced where clients support it.
  • At rest: AES-256 on every volume we operate. Client-provided keys supported.
  • Backups: encrypted with the same policy as live data.
  • Databases: encryption enabled on every PostgreSQL / MySQL instance we provision.

Access controls

  • Least-privilege IAM. Engineers have access only to the engagements they work on.
  • SSO with MFA for every internal tool.
  • Audit logs on every production access event, retained for 1 year.
  • Access reviewed quarterly and on role changes.

Backup & rollback

Before any production migration we take at minimum: a pre-cutover snapshot, an incremental snapshot at cutover start, and a point-in-time recovery window that covers the full cutover. Rollback procedures are documented and rehearsed per engagement.

Retention after engagement ends

Migration working data: securely deleted within 30 days by default. Longer retention is available on request (with a contractual basis).

Personnel

All staff are under NDA. Confidentiality and security training at onboarding and annually. Background checks as permitted by local law.

Incident response

  • Detect: monitoring and alerting on every production environment.
  • Contain: documented runbook per environment.
  • Notify: client notified without undue delay and no later than 72 hours after becoming aware.
  • Remediate: root-cause analysis and corrective action documented per incident.
  • Improve: lessons-learned fed back into our practices.

Responsible disclosure

If you believe you have found a security issue in projomania.com or any service we operate, email [email protected]. We will acknowledge within 24 hours and work with you on remediation. We do not take legal action against good-faith security research.