Chapter 12: Security and Privacy

Your Security

BotServer protects your information with enterprise-grade security while keeping things simple for you to use.

Logging In

First Time Access

When you first access BotServer, you'll see the login screen:

  1. Enter your email - Use your work or personal email
  2. Enter your password - Choose a strong password
  3. Click Sign In - You're ready to go

Staying Signed In

  • Check "Remember me" to stay logged in for a week
  • Uncheck it on shared computers
  • You'll be automatically signed out after 24 hours of inactivity

Single Sign-On

If your organization uses single sign-on:

  1. Click "Sign in with your organization"
  2. Enter your work credentials
  3. You're automatically connected to all services

Your Account Security

Password Protection

Your password is protected with:

  • Industry-standard encryption
  • Never stored in plain text
  • Never visible to administrators
  • Never sent over unencrypted connections

Two-Factor Authentication (Coming Soon)

For extra security, you will be able to enable:

  • SMS verification codes
  • Authenticator apps
  • Hardware security keys

Active Sessions

View and manage where you're logged in:

  1. Go to Settings → Security
  2. See all active sessions
  3. Sign out of any device remotely
  4. Get alerts for new sign-ins

Your Data Privacy

What We Protect

  • Conversations - All chat messages are private
  • Files - Documents encrypted at rest
  • Emails - Secure transmission and storage
  • Meetings - End-to-end encryption available
  • Tasks - Private to you and your team

Who Can See Your Data

Only You Can See:

  • Your private conversations
  • Personal files in your drive
  • Your email messages
  • Your task lists

Your Team Can See:

  • Shared conversations (when you share them)
  • Files you explicitly share
  • Team tasks you're assigned to
  • Meetings you're invited to

Administrators Cannot See:

  • Your password
  • Private conversations
  • Personal files
  • Email contents

Data Location

Your data is stored:

  • On your organization's servers
  • Never on public clouds (unless configured)
  • With automatic backups
  • Following your local data regulations

Security Features You'll Notice

Automatic Protection

These happen without you doing anything:

  • Secure connections - Green padlock in your browser
  • Session timeout - Automatic logout when idle
  • Password requirements - Ensures strong passwords
  • Encrypted storage - Files and messages protected

Security Indicators

Look for these signs that you're secure:

  • 🔒 Padlock icon - Secure connection active
  • Green checkmark - Verified sender
  • 🛡️ Shield icon - Protected content
  • 🔐 Lock icon - Encrypted message

Managing Your Security

Changing Your Password

  1. Go to Settings → Security
  2. Click "Change Password"
  3. Enter current password
  4. Enter new password twice
  5. Click "Update Password"

Reviewing Account Activity

  1. Go to Settings → Security
  2. Click "Activity Log"
  3. See recent sign-ins
  4. Check for unusual activity
  5. Report anything suspicious

Privacy Settings

Control who can:

  • See when you're online
  • Send you messages
  • Access your shared files
  • Invite you to meetings

Secure Communication

Chat Security

Your conversations are protected:

  • Messages encrypted in transit
  • History saved securely
  • No external access
  • Deleted messages are permanently removed

Email Security

When using email through BotServer:

  • Connections use TLS encryption
  • Spam filtering active
  • Virus scanning enabled
  • Phishing protection

Meeting Security

Video meetings include:

  • Optional waiting rooms
  • Meeting passwords available
  • Screen sharing controls
  • Recording permissions

File Security

Uploading Files

When you upload files:

  • Automatic virus scanning
  • Encrypted storage
  • Version history kept
  • Sharing controls available

Sharing Files

Control who accesses your files:

  • Share with specific people
  • Set expiration dates
  • Require passwords
  • Track who viewed files

Development Mode

When you see the "Development Mode" banner:

  • You're in a test environment
  • Security is relaxed for testing
  • Don't use real passwords
  • Don't store sensitive data

Security Best Practices

Do's

  • ✓ Use a strong, unique password
  • ✓ Log out on shared computers
  • ✓ Keep your browser updated
  • ✓ Report suspicious activity
  • ✓ Verify before clicking links

Don'ts

  • ✗ Share your password
  • ✗ Use the same password elsewhere
  • ✗ Click suspicious links
  • ✗ Ignore security warnings
  • ✗ Leave your session open

Getting Help

Lost Password

  1. Click "Forgot Password" on login
  2. Enter your email
  3. Check your inbox
  4. Click the reset link
  5. Choose a new password

Locked Account

If you're locked out:

  • Wait 15 minutes and try again
  • Contact your administrator
  • Use password reset if available

Security Questions

Contact support for:

  • Suspicious activity
  • Security concerns
  • Access issues
  • Privacy questions

Compliance

BotServer helps your organization meet:

  • GDPR requirements (Europe)
  • HIPAA standards (Healthcare)
  • SOC 2 compliance (Enterprise)
  • Local privacy laws

Your Rights

You have the right to:

  • Access your data
  • Export your information
  • Delete your account
  • Know how data is used
  • Opt-out of features

Security Updates

We continuously improve security:

  • Automatic security updates
  • No action required from you
  • Notifications for important changes
  • Regular security audits

Summary

Your security is automatic and transparent. You don't need to be a security expert - BotServer handles the complex parts while you focus on your work. If something seems wrong, the system will alert you and guide you to safety.
