HomeDrive is an online file sharing service that allows users to sync files to the cloud, access them from any internet connected device, and share them with collaborators. HomeDrive is based in Hamilton, New Zealand and has been providing its cloud service since 2013. You can contact real, live, people through email, phone, or their online support portal. They use encryption to protect your data while in transit between your computer and their servers. All data on their servers is held in a secure environment, behind their firewalls, and protected by a vault management system that prevents unauthorized access. HomeDrive has its primary data centre located in Hamilton, New Zealand with a backup data centre located in Auckland, New Zealand . HomeDrive data centres are secured to a high standard, but are not certified by a third party. These measures help HomeDrive maintain its expected availability of 99.9% (the HomeDrive service is expected to be inaccessible less than 0.1% of the time). Your data is also stored locally so that in the event of a service outage you still have access to your files – any changes you make will simply be synced once you’re back online. Data can easily be uploaded to/downloaded from HomeDrive through their website or their desktop/mobile applications. HomeDrive recognizes you as the owner of all data uploaded to your account and makes no claims to it. if you chose to terminate your account, all of your data on HomeDrive would be deleted after 30 days.
This disclosure was provided by HomeDrive and researched by Arrowrock. Sources are cited where possible.
|Company Phone Number||Head Office: +64 7 974 9150
Free Call: 0800 425 383
|Company Email Addressemail@example.com|
|Physical Address||theCloud Limited
PO Box 12054
Hamilton, New Zealand 3248
What services does this disclosure apply to?
What country holds legal jurisdiction over the service(s)?
How long has your company been operating?
5 years in total, 2 in our incubator parent company Layer X, and from June 2013, three years as it’s own limited company.
How long has your company been providing the service(s) covered in this disclosure?
Free, final Beta release since January, officially launched March 2013
Is your company currently profitable?
What are your standard customer support hours?
Normal Business hours
What channels are available for communication with clients?
Email, phone & online support portal.
Which is your preferred channel for client communications?
Email to firstname.lastname@example.org or email@example.com
Do you collect any information from client communications?
Only emails to do with support are kept from an historic audit perspective, this information is not used for any other communication or purpose.
What is your standard response time for customer support inquires?
SEVERITY LEVEL THECLOUD TARGET RESPONSE TIME TARGET REPAIR TIME
Tier One Within one hour Within four hours
Tier Two Within two hours Within 24 hours
Tier Three Within 24 hours To be agreed by the parties per event
Do you proactively communicate information about future planned outages and maintenance to clients?
Yes, by email and the support page of our web site, typically it’s 5 days notice but may be shorter for more urgent issues.
Do you proactively communicate information about current unscheduled outages and incidents to clients?
Yes, via Network Status page:
Do you make incident reports available to clients after major incidents?
Yes, on request only and automatically for our key clients.
What is the expected uptime of the service?
Has the service experienced any outages in the last 12 months?
Does the SLA guarantee service uptime?
There is no guarantee for HomeDrive in terms of the SLA, best efforts apply and we always aim to exceed our committed up-time of 99.9%
Are logs kept of client logins and locations?
The system keeps an audit trail and this is visible to users via the web portal.
Does your service support password/account recovery?
Yes. Once you request a password reset, instruction will be sent to your associated email address.
Does the service monitor for any suspicious account activity?
No, there is no inherent data checking or activity behavior logic.
Does your service offer two-step or multi-factor authentication?
No, although if a client requires this and is willing to pay for the development then we would consider this.
Does your service offer login via other services?
Does your service secure all client data in transit?
Does your service secure client data at rest?
All data stored on a Vault is protected by 256-bit encryption. When the HomeDrive application is closed, your Vaults are invisible, making it impossible for unauthorized individuals to access your private data.
Does your service allow clients to collaborate with 3rd parties?
With HomeDrive, your team can work together to review and edit documents in the cloud. You can invite a member to join your Vault and control levels of file accessibility. Your data is always up-to-date and available to team members, whether they are online or offline. HomeDrive automatically synchronizes and updates files on the cloud server and across the local drives of your team members.
Does your primary system reside in a data center with a security certification?
Does your backup/disaster recovery system reside in a data center with a security certification?
Do you claim ownership of any client data or information uploaded to your service?
Does the client retain full ownership of any data of information transmitted or stored via upstream providers?
In theory yes as data is encrypted and we don’t have access to the unencrypted data.
Does client use of your service generate any metadata or other statistical information?
Where are the primary systems that host client data located?
Hamilton, New Zealand
Where are the backup/disaster recovery systems that host client data located?
Auckland, New Zealand
Are there any other systems that host client data on behalf of your service?
Does the client have full access to their data during the service contract period?
You can easily access your data via the desktop client, online portal, or mobile app.
Can the client freely download their data from the service during the contract period?
Yes, all data a client stores in HomeDrive can be easily downloaded via the HomeDrive website, desktop program, or mobile apps. The files will be in the same format as they were added by the client.
Can the client easily import/upload their data from a competing service provider into your service?
Yes, any files/formats can be uploaded to HomeDrive. All formats are supported.
Does your services include an API to access client data?
Following termination of the service, will the client be able to access their data?
Following termination of the service, is all client data deleted?
Yes, all relevant data is deleted after 30 days of the account being closed.
Does anyone in your organization (including contractors and upstream providers) have the ability to directly access client data?
No, as data is encrypted.
Does your company use client data or information for any business function (other than the provision of the service)?
Does your company use client data or information to generate revenue (other than the provision of the service)?
Do you access client data in any additional circumstance not yet specified in this disclosure?
Do you have a policy in place for dealing with data loss or breach?
The full service terms can be found here: http://www.homedrive.co.nz/index.html?page=legal
There is no specific policy for breach of loss on the HomeDrive service however the generic policies regarding breach and loss for theCloud would apply.
Do you notify clients if their data has been lost or compromised?
If there is a breach or loss of data we would inform the client by email or phone.
Does your service support data versioning?
Security is also available when your files are accidently deleted. HomeDrive retains 14 daily backups of your Vaults allowing you to retrieve past version with a simple restore function from your HomeDrive online portal secure.homedrive.co.nz.
How often are service/client data backups performed?
What method is used to perform service/client data backups?
Virtual Server Volume based backups using Veeam Backup and Restore.
How long is backup data retained for?
We have 14 days of daily backups available.
The information in this report is provided “AS IS” without warranty of any kind, express or implied. Please use good judgement and verify the information you consider important before basing any decisions on it.