Team Policies
All Transloadit Teammates that handle code or data, should sign our Consultancy Services Agreement. The agreements refers to this Work Policy, which contains more hands-on guidelines, that may evolve over time in correspondence with our team. This allows us to very specifically name fast moving technologies that would risk deprecating our contracts if we kept them there.
Security & Privacy
Customers and Vulnerability Researchers may find our Security page more relevant.
In addition to the confidentially clauses of our agreement, please take these up to date practical guidelines to heart.
To apply security best practices on the devices where the Confidential Information is kept:
- Configure your devices to automatically install the latest security updates for your OS & apps regularly. This includes computer, phone, tablet, but also the firmware of routers, modems, and IOT equipment. Periodically make sure they are up to date, and discard of devices that are EOL.
- Do not connect to the internet without a firewall (e.g. by setting your modem in bridge mode).
- On public/untrusted Wi-Fi (Wi-Fi that strangers can join: hotel, lan party, cafe), encrypt and tunnel work traffic. Connections from the browser must use a VPN/SSH tunnel (confirm via IP lookup, note that this link is only available to Transloadians). SSH and other traffic (e.g. from the terminal and other apps that do not support SOCKS5) is not required to do so.
- Use an encrypted harddrive.
- Use 2FA where possible, and at least for GitHub, Google, Dropbox, NPM and other vital services.
- Make a best effort to keep a papertrail of OS level / security logs for for 30 days or more.
- Use an unpriviliged account (no root/Administrator) by default.
- Use an audited and well established password manager to keep your passwords, do not save your passwords elsewhere. use the passwords manager's ability to install strong passwords for all your important accounts, private and work-related.
- Only transmit secrets to collegues via Signal, after enabling auto-expiring messages.
- Do not check out Transloadit's private repositories on servers or other devices, other than your primary workstation(s).
- When creating accounts for Transloadit, never use a personal email address (but support@transloadit.com or billing@transloadit.com instead).
- With api2 repo access comes production database access. You should however never directly interact with the production database (e.g. MySQL Client, Sequel Ace/Pro, DataGrip, phpMyAdmin, or alternatives), even if just read-only, without explicit consent from the founders for what you are about to do. Code that interacts with the production database will first need to be reviewed by founders before merged and ran against it.
Miscellaneous
- Section 3.1 of our Consultancy Services Agreement states that you need written agreement before adding Third-party code. When writing Pull Requests that include open source licensed code, an approval or merge by a repository admin counts as such.
Pagerduty Rotation
This section can be ignored if you are not in Pagerduty Rotation. If you are, please familiarize with these guidelines.
-
Transloadit’s goal is to be pager free. Systems should be made to autoheal where we can. All high severity pagers should be actionable. If they are not, and the respective system cannot be changed to stay within thresholds reliably, we should consider downgrading to low severity, or relaxing thresholds. The persons on call that week have the biggest stakes, and can take the lead in these discussions and efforts.
-
A pagerduty week is split into multiple shifts (all times are in CE(S)T):
- Day shift covers 06:00-18:00 on Monday, Tuesday, Wednesday and Friday.
- Night shift covers 18:00-06:00 on Monday, Wednesday, and Thursday nights.
- Breaker shift covers 18:00-06:00 on the night from Monday to Tuesday and 06:00-18:00 on Thursday.
- Weekend shift begins at 18:00 on Friday and ends on the next Monday at 06:00.
-
Founders are always Level 2 fallback 24/7.
-
Pagers take priority over other work, this applies to both day and night shift.
-
With 5 people in rotation, you would be on:
- Day shift in week 1
- Night shift in week 2
- Breaker shift in week 3
- Weekend shift in week 4
- nothing in week 5
-
If you had interrupted sleep for two days in a row it is encouraged that a team mate covers the following night for you.
-
It is the responsibility of the person requesting a shift replacement to also set the override. Here's a guide for creating overrides in PagerDuty.
-
During a shift, the primary person on call:
- is no further than 30 minutes away from being effective on a workstation (a machine and location where they can expect with a very high degree of certainty to have the necessary applications, connectivity, electricity, and credentials to troubleshoot issues with Transloadit’s production platform. Try to optimize for less than 30 minutes, 30 should the the exception, not be the norm. It is better to swap duties than to take chances.
- does not do drugs. Depending on the person, e.g. moderate alcohol consumption may be acceptable. This is up to the discretion of the Teammate, as long as they acknowledge that failing to troubleshoot a problem effectively due to intoxication will be regarded as severe negligence. Clarification: what Teammates do in their own time (that doesn't affect work performance), is absolutely none of Transloadit’s business.
- is the first responder to acknowledge or resolve a pager. They must respond within 10 minutes of the first notification. This means carrying a phone that is not silent, has a loud/distinct enough ringtone or otherwise will be noticed even while asleep, that is closeby, has enough battery and connectivity, isn’t scheduled to receive an upgrade and reboot into zero connectivity unnoticed, etc. Depending on the severity of the pager, they should start solving the problem immediately or the next day.
- makes sure to message or call a peer or senior if they are unable to adequately solve the problem, or if they are unsure about the severity or resolution. When in doubt, the founders should be messaged, then called if they do not respond. Hence, the primary person on call makes sure to have their current contact info.
- makes sure to timely ask to trade shifts with another Teammate if there are plans that conflict with the on-call duty. We explicitly recommend to trade when considering taking a chance on clubbing, as experience tells us it jeopardizes hearing the notification, getting away from the club in time, and a clear troubleshooting head.
- is compensated with 150% their hourly rate for time they had to work outside their office hours (such to be reasonably determined by the engineer), rounded up to the nearest half-hour per incident. Potential travel time to the workstation counts as working hours. Up to $200 in lost expenses are reimbursable (you had to abort a dinner)
-
During a day shift, the primary person on call:
- is compensated with 10% of the shift duration as free time during office hours in the week that they had to be available, even if they did not receive a single pager
-
During a night shift, the primary person on call:
- is compensated with 20% of the shift duration free time during office hours in the week that they had to be available, even if they did not receive a single pager
- catches up on sleep by sleeping in, or taking naps. The Teammate is only expected to work 80% of their regular engagement on a work day after nighshift.
-
A breaker shift is compensated as the corresponding day and night shift parts.
-
A weekend shift is compensated as a night shift.
Do not stray from these guidelines without written permission by Transloadit's founders.