Kameleon technical

Summary

• Kameleon is cross platform document creation SaaS product.

• Documents created from templates are not stored by Kameleon.

• Data is located and processed inside European Economic Area (EEA).

• Authentication is done against Azure AD.

• Hosted in Microsoft Azure (utilizing PaaS services).

General

Kameleon is SaaS product and software updates are delivered automatically for end users.

Requirements

• Azure AD

• Microsoft 365 business subscription

Platform support

• Windows, Mac, browser

• Microsoft Office ¹

• Microsoft Teams ²

Delivery

• Office add-in via Microsoft 365 admin center ³

• Teams add-in via Teams admin center ⁴

Security

• Kameleon is multitenant application and uses Azure AD authentication to identify end user tenant.

Data storage

• Data is stored in Azure Cosmos DB and Azure SQL

• Files are stored in Azure Blob storage.

• Backups are taken daily with retention period of 30d.

Encryption

• All internal communication between server and client is SSL encrypted.

• All data in transit is SSL (TLS 1.2) encrypted.

• All data at rest are encrypted ⁵

Protection

• Distributed denial-of-service (DDoS) protection ⁶

• Web application firewall (WAF) ⁷

Access control

• Strict access controls enabled to ensure only authorized individuals can see data.

• All access is logged and monitored to detect and prevent unauthorized access.

Open source components

• Open source components are used and are actively monitored for patches and security vulnerabilities.

Privacy

• Privacy policy

Data

• Data is located and processed inside European Economic Area (EEA)

• Sensitive personal data is not collected.

• Customer data is removed once customer agreement ends within 12 months

Documents

• Kameleon doesn't store generated documents and they are only stored to customers' storage systems, e.g., Teams, SharePoint, OneDrive

Architecture

• Kameleon is API based SaaS product hosted in Microsoft Azure.

Technology

• Frontend: TypeScript, React (HTML/JS)

• Backend: TypeScript, Node, .NET Core

• Hosting: Azure App Service

Cloud platform

• Front- and backend are hosted on App Services in Azure Platform as a Service (PaaS)

• Azure security and compliance (https://azure.microsoft.com/en-us/explore/trusted-cloud/)

Authentication

• Azure AD, Office SSO, Teams SSO

• All API communication requires authentication against Azure AD user.

Cloud architecture

¹ Hardware requirements for Microsoft Teams (https://learn.microsoft.com/fi-fi/microsoftteams/hardware-requirements-for-the-teams-app)

² Requirements for running Office Add-ins (https://learn.microsoft.com/en-us/office/dev/add-ins/concepts/requirements-for-running-office-add-ins)

³ Deploy add-ins in the Microsoft 365 admin center (https://learn.microsoft.com/en-us/microsoft-365/admin/manage/manage-deployment-of-add-ins?view=o365-worldwide)

⁴ Overview of app management and governance in Teams admin center (https://learn.microsoft.com/en-us/microsoftteams/manage-apps)

⁵ Encryption at rest

⁶ DDoS protection on Front Door https://learn.microsoft.com/en-us/azure/frontdoor/front-door-ddos

⁷ WAF https://learn.microsoft.com/en-us/azure/web-application-firewall/afds/afds-overview