All Transloadit Teammates that handle code or data, should sign our Consultancy Services Agreement. The agreements refers to this Work Policy, which contains more hands-on guidelines, that may evolve over time in correspondence with our team. This allows us to very specifically name fast moving technologies that would risk deprecating our contracts if we kept them there.
Security & Privacy
Customers and Vulnerability Researchers may find our Security page more relevant.
In addition to the confidentially clauses of our agreement, please take these up to date practical guidelines to heart.
To apply security best practices on the devices where the Confidential Information is kept:
- Install software updates for your OS & apps regularly. This includes computer, phone, tablet, but also the firmware of routers, modems, and IOT equipment. Make sure they are up to date, and discard of devices that are EOL.
- Do not connect to the internet without a firewall (e.g. by setting your modem in bridge mode).
- On public/untrusted Wi-Fi (Wi-Fi that strangers can join: hotel, lan party, cafe), encrypt and tunnel work traffic via a VPN or SSH tunneling (if you can work exclusively from your browser). SSH traffic is excluded from this.
- Use an encrypted harddrive.
- Use 2FA where possible, and at least for GitHub, Google, Dropbox, NPM and other vital services.
- Make a best effort to keep a papertrail of OS level / security logs for for 30 days or more.
- Use an unpriviliged account (no root/Administrator) by default.
- Use an audited and well established password manager to keep your passwords, do not save your passwords elsewhere. use the passwords manager's ability to install strong passwords for all your important accounts, private and work-related.
- Only transmit secrets to collegues via Signal, after enabling auto-expiring messages.
- Do not check out Transloadit's private repositories on servers or other devices, other than your primary workstation(s).
- When creating accounts for Transloadit, never use a personal email address (but email@example.com or firstname.lastname@example.org instead).
- With api2 repo access comes production database access. You should however never directly interact with the production database (e.g. MySQL Client, Sequel Ace/Pro, DataGrip, phpMyAdmin, or alternatives), even if just read-only, without explicit consent from the founders for what you are about to do. Code that interacts with the production database will first need to be reviewed by founders before merged and ran against it.
- Section 3.1 of our Consultancy Services Agreement states that you need written agreement before adding Third-party code. When writing Pull Requests that include open source licensed code, an approval or merge by a repository admin counts as such.
This section can be ignored if you are not in Pagerduty Rotation. If you are, please familiarize with these guidelines.
Transloadit’s goal is to be pager free. Systems should be made to autoheal where we can. All high severity pagers should be actionable. If they are not, and the respective system cannot be changed to stay within thresholds reliably, we should consider downgrading to low severity, or relaxing thresholds. The person on call that week has the biggest stake, and can take the lead in these discussions and efforts.
A pagerduty week starts and ends on Friday 18:00 CE(S)T
A Dayshift is from 06:00-18:00
A Nightshift is from 18:00-06:00
There is a Nighttime breaker on Monday
There is a Daytime breaker on Friday, filled by the same person that takes the Monday breaker
Founders are always Level 2 fallback 24/7
Pagers take priority over other work, this applies to both Day- and Nightshift
With 5 people in rotation, you would be on:
- Dayshift in week 1
- Nightshift in week 2
- Breakershift in week 3 (Monday Nightshift and Friday Dayshift)
- nothing in week 4
- nothing in week 5
If you had interrupted sleep for two days in a row it is encouraged that a team mate covers the following night for you.
It is the responsibility of the person requesting a shift replacement to also set the override. Here's a guide for creating overrides in PagerDuty.
During a shift, the primary person on call:
- is, outside office hours, no further than 30 minutes away from being effective on a workstation (a machine and location where they can expect with a very high degree of certainty to have the necessary applications, connectivity, electricity, and credentials to troubleshoot issues with Transloadit’s production platform. Try to optimize for less than 30 minutes, 30 should the the exception, not be the norm. It is better to swap duties than to take chances.
- catches up on sleep by sleeping in, or taking naps. The Teammate is only expected to work 80% of their regular engagement. Teammate is not on call on Mon-Thu from 09:00-17:00 CE(S)T and on Friday from 09:00-16:00 CE(S)T, and is allowed to ”go out and swim”, as there are enough people present to troubleshoot issues.
- does not do drugs. Depending on the person, e.g. moderate alcohol consumption may be acceptable. This is up to the discretion of the Teammate, as long as they acknowledge that failing to troubleshoot a problem effectively due to intoxication will be regarded as severe negligence. Clarification: what Teammates do in their own time (that doesn't affect work performance), is absolutely none of Transloadit’s business.
- is the first responder to acknowledge or resolve a pager. They must respond within 10 minutes of the first notification. This means carrying a phone that is not silent, has a loud/distinct enough ringtone or otherwise will be noticed even while asleep, that is closeby, has enough battery and connectivity, isn’t scheduled to receive an upgrade and reboot into zero connectivity unnoticed, etc. Depending on the severity of the pager, they should start solving the problem immediately or the next day.
- makes sure to message or call a peer or senior if they are unable to adequately solve the problem, or if they are unsure about the severity or resolution. When in doubt, the founders should be messaged, then called if they do not respond. Hence, the primary person on call makes sure to have their current contact info.
- makes sure to timely ask to trade shifts with another Teammate if there are plans that conflict with the on-call duty. We explicitly recommend to trade when considering taking a chance on clubbing, as experience tells us it jeopardizes hearing the notification, getting away from the club in time, and a clear troubleshooting head.
- is compensated with 150% their hourly rate for time they had to work outside their office hours (such to be reasonably determined by the engineer), rounded up to the nearest half-hour per incident. Potential travel time to the workstation counts as working hours. Up to $200 in lost expenses are reimbursable (you had to abort a dinner)
During a Dayshift, the primary person on call:
- is compensated with 10% free time during office hours in the week that they had to be available, even if they did not receive a single pager
During a Nightshift, the primary person on call:
- is compensated with 20% free time during office hours in the week that they had to be available, even if they did not receive a single pager
Do not stray from these guidelines without written permission by Transloadit's founders.