Cloud Hosting Environment
We host all our services on Google Cloud Platform.
Google Security Resources:
Google Security Whitepaper
Google Cloud Security Foundation
Google Infrastructure Security Whitepaper
Google Cloud Security and Compliance Whitepaper
Google Cloud Platform: Customer Responsibility
Network Security and Architecture
All our services operate on a default deny basis.
Only explicitly allowed traffic is allowed and only the services that need to be exposed to the public Internet are exposed.
All other services communicate using Private IP-addresses with our Virtual Private Cloud. All traffic between our VPC and the public internet uses SSL.
Network and Security Controls
All our services use Kubernetes where only explicitly defined services and ports are used. No file uploading process or remote access to the machines are allowed or configured.
System Capacity
All services are hosted on Google Cloud Platform (GCP). Howwe Technologies continuously monitor the performance and resource usage of our services with automated alarms.
The capacity of our services can, via GCP be increased at any moment.
Howwe Technologies refer to GCP documentation for further details of the abilities and limitations.
Backups
Backups are made automatically at least daily and are replicated in multiple geographic regions.
Database backups are also made before new releases. Restoring from backup is tested weekly.
Technology and Frameworks
Frontends
All our frontends are written in React and React Native and they exclusively talk to our API, they never talk to any of our other APIs directly.
API Servers
All consumers of our API should only use our API and not the individual APIs, with the exception of the auth-api. See the API section of this document. Howwe Technologies use the Spring boot framework in Java for all our APIs. Currently there are four microservices
auth-api – Authentication, for example login and signup.
mig-api – Most Important Goal data.
key-activity-api – Key Activity data, for example commitments and reports.
organization-api – Organizational data, for example teams and users.
When creating a new API service Howwe Technologies use the same technologies and patterns as in existing services. They're all continuously updated.
GraphQL API layer
Howwe Technologies use the GraphQL layer for writing our frontends.
Databases
Howwe Technologies use SQL for our main databases and all of them run on Google Cloud Platform.
Authentication
Howwe Technologies use Auth0 for authentication. All the configuration and settings live in source code, environment specific configuration is available in the env-repository.