Security


Thinkspace employs industry-standard security practices to earn your trust. Shared ideas can contain highly confidential information, so our top priority is ensuring information safety and integrity through established security measures. These measures are designed to prevent unauthorized access, use, alteration or disclosure of User Data stored on systems under Thinkspace's control.



Cloud Hosting

Thinkspace persistently stores all user data on Amazon Web Services (AWS) servers located in Singapore, where it is protected by Amazon's security and environmental controls.

Amazon Web Services (AWS) has robust security in place and complies with industry and government requirements for security and data protection. Specifically, its IT infrastructure is designed and managed in alignment with industry security practices, and is recognized with SOC 2 Type II attestation, ISO 27001 certification and beyond. More information on AWS ISO certification and SOC reports is available at https://aws.amazon.com/compliance/iso-certified and https://aws.amazon.com/compliance/soc-faqs respectively.

To learn more about AWS security, please see https://aws.amazon.com/security and https://aws.amazon.com/security/sharing-the-security-responsibility.




Data Security & Management


Data

Thinkspace is committed to PDPA compliance and keeps a clear separation of data between its internal IT operations and production infrastructure hosted for users.

When you claim a Thinkspace Workspace, you will own all the content created by you and your teams. (A Thinkspace Workspace is a common platform created for users from the same organization.) Data is kept in a highly secure environment and is accessible to users within the same Workspace. Additionally, user data can be deleted upon request or termination of service. Thinkspace will never, for any reason or under any circumstances, sell your data to third parties.


Database

Access to the database is restricted: only authenticated connections from the Thinkspace service are allowed. No external connections can be made to the database.


Data Center

Our data center provider, Amazon Web Services (AWS), is SOC 2 compliant. More information on the AWS SOC report is available at https://aws.amazon.com/compliance/soc-faqs.


Data Storage

Thinkspace logically segregates storage for different Workspaces to ensure that user data is not combined with anyone else's data. All documents and images that reside in server storage are AES-256 encrypted at rest. We take strong measures to protect user data from inappropriate use and to prevent users from gaining access to one another's data. Additional safeguards include proper administrative controls, such as secure user authentication, so that data can only be accessed by authorized personnel.


Deletion Of Data

Currently, user data can be deleted upon a written request to Thinkspace by the user. If a user deletes his/her account, the user data is stored for 30 days, after which we dispose of all data.

Additionally, the Admins of a Thinkspace Workspace can request deletion of all of its data with a valid reason.

Upon termination of the Thinkspace service, or expiry of the subscription plan, the user data will be permanently deleted.


Role-based Management

Thinkspace features two account security levels: Admin and Member. Admins have full access to create and delete content, challenges and teams, as well as to invite people and manage user roles. Members only have the ability to create content based on the access level assigned by Admins.


Separation Of User Data

All sensitive User Data is only accessible after the successful exchange of a session token, which carries varying degrees of access rights depending on the user role. This puts in place logical authentication and authorization that separate data belonging to different users and teams within the same Workspace.




Encryption & Password Management


Authentication and Encryption

  • At Rest: User data residing in the production environment is encrypted using the industry-standard AES-256 encryption algorithm.
  • In Transit: All network communication between the user’s web browser and the server is encrypted using SSL (Secure Sockets Layer) and HTTPS (TLS 1.2 and AES-256). All transactional requests to retrieve, add, modify and remove data are validated using a token, which prevents spoofing or unauthorized access.

Password Hashing

Passwords are hashed and salted securely using the SHA-512 algorithm.


Strong Password Policy

User accounts are governed by a strong password policy, which requires a minimum of eight characters, including one character from each of the following four groups:

  • Numeric characters [0-9]
  • Lowercase alphabetical characters [a-z]
  • Uppercase alphabetical characters [A-Z]
  • Special characters [.+*?^$()[]{}|\]
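
The policy above can be checked mechanically. The following is an added example, not Thinkspace's own code: the function names are hypothetical, and it assumes the listed special characters are the complete allowed set, so a character such as `!` does not satisfy the special-character rule.

```python
import string

# Character groups exactly as listed in the policy above.
DIGITS = set(string.digits)            # [0-9]
LOWER = set(string.ascii_lowercase)    # [a-z]
UPPER = set(string.ascii_uppercase)    # [A-Z]
# Every listed special character is a regex metacharacter, so the set is kept
# as a literal set of characters instead of being pasted into a regex class,
# where a missed escape would silently change which characters are accepted.
SPECIAL = set(".+*?^$()[]{}|\\")
MIN_LENGTH = 8


def policy_violations(password):
    """Return the names of the policy rules the password fails (empty list = compliant)."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("length")
    groups = {"numeric": DIGITS, "lowercase": LOWER,
              "uppercase": UPPER, "special": SPECIAL}
    for name, allowed in groups.items():
        # Set membership is used instead of str.isdigit()/islower(), which
        # also accept non-ASCII characters that the policy does not list.
        if not any(ch in allowed for ch in password):
            violations.append(name)
    return violations


def is_compliant(password):
    """True when the password satisfies every rule of the policy."""
    return not policy_violations(password)


# Constructed sample inputs for illustration, not real credentials.
SAMPLES = ["Tr1cky$Pass", "Sh0rt$", "alllowercase1$",
           "NoSpecial123", "Sp3cial!Char", "Aa\u0663$aaaaa"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        print(repr(candidate), policy_violations(candidate) or "ok")
```

Returning the list of failed rules, instead of a single boolean, lets a sign-up form tell the user exactly which requirement is unmet.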

Password Properties

  • First Login: Users must change the password upon first login.
  • Password Reuse: Users cannot reuse an existing password or any previous passwords.


Account Verification

Users are required to verify their accounts via a link provided in an automated email.