Storing information securely is a shared responsibility between Tecology and its clients. Tecology Workspace provides a secure, structured environment for managing files, credentials, and sensitive information, but how data is added, accessed, and used also plays a critical role in maintaining security and compliance.
These best practices apply to organisations operating internationally and are designed to support compliance with regulatory frameworks such as GDPR, while remaining relevant across different legal and organisational contexts.
Understanding shared responsibility
Tecology is responsible for:
- Maintaining the security of the Tecology Workspace platform
- Hosting the system on highly secure servers within the EU
- Applying infrastructure-level security controls
- Performing regular, automated backups
Clients are responsible for:
- Ensuring the data they upload is appropriate and necessary
- Managing user access and permissions correctly
- Handling downloaded data securely on their own devices
- Following their organisation’s internal policies and regulatory obligations
Security works best when both sides play their part.
Platform security and hosting
Tecology Workspace is a self-hosted system operated entirely by Tecology.
Key security measures include:
- Hosting on highly secure servers located in the European Union
- Infrastructure designed to meet GDPR data residency expectations
- Incremental backups performed every 3 hours
- Strict access controls at both platform and data levels
This approach ensures Tecology maintains direct control over the environment in which client data is stored and processed.
Data minimisation and purpose limitation
Only store information that is genuinely required for the delivery of services.
Best practice includes:
- Avoiding unnecessary duplication of files
- Not storing personal or sensitive data unless it serves a clear purpose
- Removing outdated or no-longer-relevant information where appropriate
This aligns with GDPR principles and reduces risk in the event of accidental exposure or misuse.
Using the right storage location
Different types of information should be stored in the correct place within Tecology Workspace:
- Project files should be stored within the relevant project
- Credentials and sensitive access details should be stored in the Vault
- Temporary or discussion-based channels should not be used as a substitute for secure storage
Avoid sharing sensitive information via comments, tickets, live chat, or email.
Access control and least privilege
Access should always be granted on a need-to-know basis.
Best practice includes:
- Giving users the minimum level of access required
- Reviewing access regularly, especially when roles change
- Removing access promptly when it is no longer required
This applies equally to client users and Tecology team members.
Downloading and local storage considerations
Once data is downloaded from Tecology Workspace, it falls outside Tecology’s controlled environment.
Users should:
- Only download files when absolutely necessary
- Be aware of the security policies of the device being used
- Consider whether the device is shared, managed, or subject to third-party controls
- Follow their organisation’s data handling, retention, and disposal policies
Tecology cannot control how downloaded data is stored, copied, or shared on external systems.
Regulatory and organisational compliance
Tecology Workspace is designed to support compliance with GDPR and similar international data protection frameworks. However, regulatory compliance ultimately depends on how each organisation uses the platform.
Users are responsible for:
- Understanding their legal and contractual obligations
- Ensuring downloaded or shared data complies with internal policies
- Confirming whether their organisation has specific requirements for data handling or storage locations
If in doubt, guidance should be sought internally or from appropriate legal or compliance teams.
When to speak to the Tecology support team
You should contact the Tecology support team if:
- You are unsure where certain data should be stored
- Access permissions need to be reviewed or adjusted
- Sensitive information appears to be missing or inaccessible
- You require clarification on platform security or data handling practices
Open communication helps prevent issues before they arise.