Secure project management software

The protection of personal data is more than just a legal requirement for OpenProject. Protect your data with the most secure project management software.

Our commitment

We ensure the utmost security and protection of your personal data

OpenProject as an open source project management software is highly committed to security and data privacy. We have this conscience deeply integrated in our product development and all our company’s processes and mindset. We aim to provide the most secure project management software for you.

The awareness and importance for security and data privacy actions have always been a major topic for us and are one of the main motives for developing this open source project management software.

Data security and privacy

We develop peace-of-mind, secure project management software

Especially in project management, a lot of personal and sensitive data has to be managed. Thus, security and privacy becomes most important when selecting a project management tool. Thanks to OpenProject, web-based project management and security and data privacy will be compatible.

As a firm believer in open source, OpenProject is investing heavily in the freedom of users. This encompasses the software freedoms granted by the GPLv3 and extends to the rights and freedoms granted by the General Data Protection Regulation (GDPR).

In the same transparent fashion that we develop our software, we are committed to transparency regarding data privacy protection of our software users and customers as well as information and system security. Cloud-based or on-premises, we provide enterprise-grade security for the safety of your business assets and the protection of your personal data.

Niels Lindenthal

Niels Lindenthal

CEO OpenProject GmbH

Our goal is to bring OpenProject to perfection as a lighthouse project for data privacy and security in Europe.

Software freedom and GDPR

We believe in the freedom of software and thus in the autonomy of users over their data

Open source and open standards

OpenProject is open source software for project management and team collaboration, published under the GNU GPL v3. The software code is publicly available on GitHub. We focus on open standards for our software development.

OpenProject is continuously developed and actively maintained by the OpenProject GmbH and an international community.

On-premises software

Install and run OpenProject on-premises in your organization’s infrastructure and behind your firewall. This setup in your own infrastructure or hosting provider of your choice provides you most privacy and sovereignty over your data.

General Data Protection Regulation (GDPR) compliance

Software freedom naturally extends to the rights and freedoms granted by the General Data Protection Regulation (GDPR). The GDPR compliance is self-evident for OpenProject. We handle our customer data with care, and we fulfill all requirements according to the GDPR, the German Federal Data Protection Act (BDSG), and even beyond.

Data sovereignty

Your software freedom ensured by open source on premises software. We do not want you to pay with your personal or organizational data nor be dependent on monopolies.

We do not set any not functional cookies nor collect or process any personal data for other purposes than ensuring our services.

Enterprise-grade security

We offer the highest level of security and protection of your data

OpenProject fulfills the highest level of security and data privacy demand for a project management software. It is built to meet the requirements of the most security-sensitive organizations.

Application Security

OpenProject is an open source software that is developed and published on GitHub. Every change to the OpenProject code base ends up in an open repository accessible to everyone. This results in a transparent software where every commit can publicly be reviewed and traced back to the contributor.

Automated tests and manual code reviews ensure that these contributions are safe for the entire community of OpenProject. These tests encompass the correctness of security and access control features. We have ongoing collaborations with security professionals who test the OpenProject code base for security exploits.

Secure authentication and password security

Admins can enforce authentication mechanisms and password rules to ensure users choose secure passwords according to current industry standards. Passwords stored by OpenProject are securely stored using salted bcrypt.

LDAP sync

Synchronize OpenProject users and groups with your company’s LDAP to update users and group memberships based on LDAP group members.

Single sign-on

With the single sign-on feature you can securely access OpenProject. Control and secure access to your projects with the main authentication providers.

Encryption of your data

Our cloud environment is continuously backing up user data with data encrypted in transit (via TLS/https) and at rest (files, database (including backups) via AES-256).

2-factor authentication

The two-factor authentication will prevent anyone from accessing or using your account and adds an additional level of security to your project organization.

User management and access control

Admins are provided with fine-grained role-based access control mechanisms to ensure that users are only seeing and accessing the data they are allowed to on an individual project level.

Security badge and alerts

A badge shows the status of your installation and will inform administrators whether new releases or security updates are available. Relevant channels will be monitored regarding security topics. We will inform you about security fixes promptly.

Antivirus scanning

Files uploaded into OpenProject will be scanned for viruses for compliance reasons and will be quarantined or deleted if viruses are found (for on-premises installations).

Definition of session runtime

Admins can set a specific session duration in the system administration, so that it is guaranteed that a session is automatically terminated after inactivity.

Secure hosting

Peace of mind hosting in the European Union

With our Enterprise cloud your data is stored on secure servers within the EU. Both the data center and network architecture are designed to meet the needs of highly security-conscious organizations.

High security data center

Redundant infrastructure built for high availability and performance. Regular data privacy assessment and certification by external auditor.

Backup and restore mechanism

We provide continuous encrypted data backups being fully encrypted with AES-256 in separate locations. In the event of an accident data can be easily recovered.

Hosting in Germany (on request)

We offer secure hosting of your OpenProject cloud also in a German data center on request.

OpenProject Data Processing Agreement (DPA)

Our DPA reflect our data privacy and security commitments to our clients. The DPA can be signed directly in your OpenProject Cloud environment.

System maintenance and software updates

We take care of your entire installation including the application, database, and operating system so you can focus on your projects.

Technical and organizational data security measures

We provide processes, controls, systems, procedures, and measures that ensure the security of the processing of personal data and storage.

Process and policy

Our security and data privacy strategy includes all aspects of our business

Our systems and processes are designed around your privacy and the principle of data minimization.

OpenProject monitors thoroughly and continuously the developments and regulations for data security, privacy and compliance within the EU and all around the globe. We take our responsibility very seriously when it comes to taking care of personal data, secure processes, secure infrastructure, and a secure application.

This covers all aspects of our business:

  • Publicly available open source software code
  • OpenProject’s security and data privacy policies
  • Physical and environmental security
  • Operational security processes
  • Scalability & reliability of the system architecture
  • OpenProject’s data model access control
  • Systems development and maintenance
  • Secure and compliant services provisioning
  • Regular external security and privacy audits of security experts
Project hierarchy image
For details of data processing see our Data Privacy Policy.

Mailing list

Security announcements mailing list

We provide a mailing list for security advisories on OpenProject. Please register to get immediate notifications as we publish them. No messages except for security advisories or security related announcements will be sent.

If you have any questions

Please contact the OpenProject security team: