Secure project management software
The protection of personal data is more than just a legal requirement for OpenProject. Protect your data with the most secure project management software.
OpenProject as an open source project management software is highly committed to security and data privacy. We have this conscience deeply integrated in our product development and all our company’s processes and mindset. We aim to provide the most secure project management software for you.
The awareness and importance for security and data privacy actions have always been a major topic for us and are one of the main motives for developing this open source project management software.
Especially in project management, a lot of personal and sensitive data has to be managed. Thus, security and privacy becomes most important when selecting a project management tool. Thanks to OpenProject, web-based project management and security and data privacy will be compatible.
As a firm believer in open source, OpenProject is investing heavily in the freedom of users. This encompasses the software freedoms granted by the GPLv3 and extends to the rights and freedoms granted by the General Data Protection Regulation (GDPR).
In the same transparent fashion that we develop our software, we are committed to transparency regarding data privacy protection of our software users and customers as well as information and system security. Cloud-based or on-premises, we provide enterprise-grade security for the safety of your business assets and the protection of your personal data.
Niels Lindenthal
CEO OpenProject GmbH
Our goal is to bring OpenProject to perfection as a lighthouse project for data privacy and security in Europe.
Open source and open standards
OpenProject is open source software for project management and team collaboration, published under the GNU GPL v3. The software code is publicly available on GitHub. We focus on open standards for our software development.
OpenProject is continuously developed and actively maintained by the OpenProject GmbH and an international community.
On-premises software
Install and run OpenProject on-premises in your organization’s infrastructure and behind your firewall. This setup in your own infrastructure or hosting provider of your choice provides you most privacy and sovereignty over your data.
General Data Protection Regulation (GDPR) compliance
Software freedom naturally extends to the rights and freedoms granted by the General Data Protection Regulation (GDPR). The GDPR compliance is self-evident for OpenProject. We handle our customer data with care, and we fulfill all requirements according to the GDPR, the German Federal Data Protection Act (BDSG), and even beyond.
Data sovereignty
Your software freedom ensured by open source on premises software. We do not want you to pay with your personal or organizational data nor be dependent on monopolies.
We do not set any not functional cookies nor collect or process any personal data for other purposes than ensuring our services.
Application Security
OpenProject is an open source software that is developed and published on GitHub. Every change to the OpenProject code base ends up in an open repository accessible to everyone. This results in a transparent software where every commit can publicly be reviewed and traced back to the contributor.
Automated tests and manual code reviews ensure that these contributions are safe for the entire community of OpenProject. These tests encompass the correctness of security and access control features. We have ongoing collaborations with security professionals who test the OpenProject code base for security exploits.
Secure authentication and password security
Admins can enforce authentication mechanisms and password rules to ensure users choose secure passwords according to current industry standards. Passwords stored by OpenProject are securely stored using salted bcrypt.
LDAP sync
Synchronize OpenProject users and groups with your company’s LDAP to update users and group memberships based on LDAP group members.
Single sign-on
With the single sign-on feature you can securely access OpenProject. Control and secure access to your projects with the main authentication providers.
Encryption of your data
Our cloud environment is continuously backing up user data with data encrypted in transit (via TLS/https) and at rest (files, database (including backups) via AES-256).
2-factor authentication
The two-factor authentication will prevent anyone from accessing or using your account and adds an additional level of security to your project organization.
User management and access control
Admins are provided with fine-grained role-based access control mechanisms to ensure that users are only seeing and accessing the data they are allowed to on an individual project level.
Security badge
This badge shows the current status of your OpenProject installation. It will inform administrators of an installation on whether new releases or security updates are available for your platform.
Security alerts
Security updates allow a fast fix of security issues in the system. Relevant channels will be monitored regarding security topics and the responsible contact person will be informed. Software packages for security fixes will be provided promptly.
Definition of session runtime
Admins can set a specific session duration in the system administration, so that it is guaranteed that a session is automatically terminated after inactivity.
High security data center
Redundant infrastructure built for high availability and performance. Regular data privacy assessment and certification by external auditor.
Backup and restore mechanism
We provide continuous encrypted data backups being fully encrypted with AES-256 in separate locations. In the event of an accident data can be easily recovered.
Hosting in Germany (on request)
We offer secure hosting of your OpenProject cloud also in a German data center on request.
OpenProject Data Processing Agreement (DPA)
Our DPA reflect our data privacy and security commitments to our clients. The DPA can be signed directly in your OpenProject Cloud environment.
System maintenance and software updates
We take care of your entire installation including the application, database, and operating system so you can focus on your projects.
Technical and organizational data security measures
We provide processes, controls, systems, procedures, and measures that ensure the security of the processing of personal data and storage.
Our systems and processes are designed around your privacy and the principle of data minimization.
OpenProject monitors thoroughly and continuously the developments and regulations for data security, privacy and compliance within the EU and all around the globe. We take our responsibility very seriously when it comes to taking care of personal data, secure processes, secure infrastructure, and a secure application.
This covers all aspects of our business:
- Publicly available open source software code
- OpenProject’s security and data privacy policies
- Physical and environmental security
- Operational security processes
- Scalability & reliability of the system architecture
- OpenProject’s data model access control
- Systems development and maintenance
- Secure and compliant services provisioning
- Regular external security and privacy audits of security experts
If you have any questions
Please contact the OpenProject security team:
