Personal information

No sensitive data except user identities (username) are permanent stored in the system. All personal information about users are gathered from external directory services as needed. For a limited period of time some personal data might be keept in system cache.


We store a session cookie on each authenticated users computer for keeping track on logged on user. No sensitive data except for the session ID is stored in the cookie. Remote address and timestamp are stored on server side and used to prevent session hijack.


All modifications (changes in data) are audited. This means that the system stores a changelog of modified data along with who, where and when (blame log). The audit data is stored for a limited time (3 month) before being cleaned out.