Employee Database: Data Handling and Privacy Practices

At Cosmos, privacy and security are core priorities in managing employee data. Our Employee Database offers two options for managing values and employee information:

  • Custom columns: Admins can create custom employee database columns and manually fill in the information.

  • Entra ID integration: Synchronize with Microsoft Entra ID for seamless and automated data flow.

Custom columns

When creating custom columns in the Cosmos employee database, the data is securely stored in Typesense, following their stringent standards.

We do not store user names or real names. We only save unique identifiers such as Confluence IDs or Entra IDs, which keeps the app functional without storing personally identifiable information (PII). Custom fields, such as department or location, are not considered PII unless they are connected to names or other sensitive information.

Microsoft Entra ID integration

For organizations using Microsoft Entra ID integration, Cosmos provides seamless synchronization with the employee database. By default, employee data is retrieved from Entra ID on-the-fly during each session and is not stored locally.

However, for organizations with more than 2,000 users, the dynamic fetching process may face performance challenges due to system limits.

Admins can enable data storage to boost app performance for large organizations. Stored data, linked to Entra IDs without personal details, is maintained in Typesense.

Secure and scalable search with Typesense

Typesense is a high-performance search platform designed to provide fast, relevant, and secure search experiences. It powers search functionality for applications by indexing data and delivering instant results through its robust API. Typesense emphasizes data security, offering encrypted data transmission and storage, isolated clusters for data protection, and compliance with industry standards like SOC 2 and HIPAA. It’s optimized for speed and scalability, making it a trusted solution for organizations managing large datasets → https://cloud.typesense.org/

  • Data encryption: All data is encrypted in transit (HTTPS) and at rest (disk encryption).

  • Data isolation: Each cluster is fully isolated to ensure no commingling of data.

  • Compliance: Typesense is SOC 2 (Type 2) certified and is evaluated by an independent AICPA-certified external auditor. Typesense shares its SOC 2 report with customers who purchase the Business or Enterprise Tier support plan for at least a year.

  • Global data residency: You can select the geographic region for your data to comply with local regulations.

How Typesense protects the data

Typesense does not access any customer data as a strict matter of policy, unless you have given Typesense explicit written approval to do so for debugging an issue.

  • Encryption: All data is encrypted in transit and at rest.

  • Global data residency: Our default data storage location is in the Frankfurt region. However, upon request, we can explore accommodating data residency preferences to comply with specific regional data regulations.

  • Controlled access: Role-based access control and API key management ensure data access is limited to authorized users only.

  • Privacy by design: Typesense does not store names or sensitive identifiers unless explicitly configured by the admin.

  • Data retention: Data can be deleted anytime, and terminated clusters are irrecoverably erased.

  • Monitoring: Logs and capacity are continuously monitored for anomalies, with 24/7 alerts to handle issues promptly.

  • Audits: Annual audits and penetration testing are conducted to ensure compliance with best practices.

  • Physical security: Typesense relies on compute services from third-party cloud infrastructure providers and does not operate or manage any physical servers directly. Physical security and redundancy for these data centers are managed by the cloud providers.

For further information, contact the Typesense team or refer to the Data Processing Agreement.

Access control for Typesense cloud data

Access to the data stored in your Typesense Cloud cluster is managed securely through API keys. These keys can be generated via the Typesense Cloud dashboard or the API, providing you with full control over data access.

The Caelor team ensures secure management of API keys for your Typesense Cloud cluster by following industry best practices.

  • Safeguard API keys: Store API keys securely and restrict access to authorized personnel only.

  • API key management: We use a single API key, securely stored as a variable in Google Cloud Build, exclusively accessible within our backend environment. This approach ensures the key is safeguarded and not exposed in the frontend. For development purposes, we use a local Typesense setup without customer data, eliminating the need for the API key except in production environments.

  • Set permissions: Assign appropriate permissions to each API key. For example, keys used in frontend applications should have search-only permissions.
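The key split described above, written out as an added example (this is not Cosmos or Caelor code): a full-access key that stays in the backend, a search-only key restricted to one collection for the frontend, a check that rejects any key definition that is not frontend-safe, and a per-user scoped key derived from the search-only key using Typesense's documented scheme (Base64 of HMAC-SHA256 digest + 4-character key prefix + embedded parameters). The collection name "employees", the filter, and the key value are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Only action a key that reaches a browser should ever carry.
SEARCH_ONLY_ACTIONS = {"documents:search"}


def backend_admin_key_spec(description="Cosmos backend (server-side only)"):
    # Body for Typesense "POST /keys": full access, never shipped to the frontend.
    return {"description": description, "actions": ["*"], "collections": ["*"]}


def frontend_search_key_spec(collection, description="Cosmos frontend search"):
    # Search-only and limited to one named collection.
    return {"description": description,
            "actions": sorted(SEARCH_ONLY_ACTIONS),
            "collections": [collection]}


def is_frontend_safe(spec):
    """True only if the key can do nothing but search explicitly named collections."""
    actions = set(spec.get("actions", []))
    collections = spec.get("collections", [])
    return bool(actions) and actions <= SEARCH_ONLY_ACTIONS \
        and bool(collections) and "*" not in collections


def scoped_search_key(search_only_key, params):
    """Derive a scoped key that embeds search parameters (e.g. a filter_by).

    Must be derived from a search-only key; the server recomputes the HMAC,
    so the embedded parameters cannot be altered by the browser."""
    params_json = json.dumps(params)
    digest = base64.b64encode(
        hmac.new(search_only_key.encode(), params_json.encode(),
                 hashlib.sha256).digest()).decode()
    raw = digest + search_only_key[:4] + params_json
    return base64.b64encode(raw.encode()).decode()


def scoped_key_params(scoped_key):
    """Recover the embedded parameters: 44 Base64 digest chars + 4 prefix chars."""
    raw = base64.b64decode(scoped_key).decode()
    return json.loads(raw[44 + 4:])
```

A scoped key can additionally carry an `expires_at` parameter so that a key handed to a session stops working after that session ends.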

Other data we store

Our apps are hosted by Google and utilize Firebase.

This is what we store in Firebase:

  • Navigation

    • Navigation settings and design (Colors)

    • Entries structure

    • User permissions are not identifiable; we store only account IDs

  • Dashboard

    • Widget settings and order

  • Newsroom, Space Station and People Network

    • Layout settings (colours, border radius, gaps etc.)

  • Employee Database

    • Background image settings

    • No personal data, only IDs for users

    • Each field in Cosmos has its own ID, which is used to store details about the field, such as its name, type, and its position in the database and user profile.

    • Field values (non-identifiable; only when Entra ID is not used); these serve as a backup to Typesense

  • Collections

    • Collection filters

    • Background colour

  • General

    • Header settings used in Space Station, People Network and Newsroom (image data, title and description)

    • Widget settings: the database field ID used for fetching data in widgets

    • Colors for corporate identity