Security
TheStorage is built with security as a core principle. All communications are encrypted, and we follow Microsoft Azure security best practices throughout the platform.
Encryption
All connections between clients (web, desktop, and mobile) and TheStorage services are encrypted using HTTPS with TLS/SSL. Certificates are provided by GoDaddy. If a certificate is missing or expired, the application will not communicate with the backend services.
Infrastructure
All services are hosted in the Microsoft Azure Cloud in the West EU datacenter, including databases, cache layers, storage, websites, and monitoring services.
Data Handling
TheStorage does not store sensitive personal data such as passwords, social security numbers, or financial information.
When you connect your Identity Provider (Microsoft Entra, Google Workspace), only directory data is synced:
- User name, first name, last name
- User ID and job title
This data is stored in a temporary memory cache (not a persistent store) for 14 days. If the connection is broken, the cache expires and no user-identifiable data remains linked to inventory records.
Exception: The audit history log stores limited owner information (email address, name, and unique ID) in Microsoft Cosmos DB. This data is retained for 90 days after subscription cancellation, or can be deleted earlier via a support request.
Authentication
TheStorage uses Microsoft Azure AD B2C as its identity provider. No user credentials or password hashes are stored by TheStorage.
Supported SSO providers:
- Microsoft Entra (Azure AD / Office 365)
- Google Workspace (G Suite)
- Microsoft Account
Azure AD B2C supports the OpenID Connect and OAuth 2.0 protocols, so organizations can enforce their own authentication policies, including Multi-Factor Authentication (MFA), and integrate with Okta or Auth0.
Data Storage
- All customer data is stored in Microsoft SQL Azure Database with encrypted connections (SSL/TLS).
- Sensitive data such as software license keys is encrypted using a symmetric encryption algorithm.
Secrets Management
All sensitive application data (connection strings, secure strings, API keys) is stored in Microsoft Azure Key Vault with HSM-backed protection (FIPS 140-2 Level 2 validated). Microsoft does not have access to extract application keys.
Vendors
| Vendor | Purpose |
|---|---|
| Microsoft Azure Cloud | Infrastructure, compute, storage, identity |
| GoDaddy | SSL certificates and domains |
GDPR Compliance
TheStorage does not store GDPR-regulated personal data beyond what is described above. Identity management is delegated to Microsoft Azure AD B2C.
- Data export — Tenant administrators can export all tenant data from within the application.
- Data deletion — To delete all tenant-related data, submit a support ticket with identity verification. Deletion is completed within 60 business days.
- Audit data — Authentication audit logs (successful and failed logins) are stored in Azure AD B2C and are accessible only to authorized Livesoft administrators.