At Lean Library, we put honesty and transparency at the heart of everything we do. We are also working towards ISO27001 certification over 2022.
For now, here is some information regarding the security of our extension:
We do not store credentials or personally identifiable information for users. Data that is captured is immediately anonymised and aggregated for usage reporting only
All authentication is provided either by the clients SSO service (e.g. OpenAthens, Shibboleth) or Proxy client (e.g. EZProxy). No data for this is sent between the extension and server
We use HTTPS for all requests ensuring that they use TLS 1.2 as a minimum
All systems stored in the Cloud, implementing recommended best practices
Databases (of main concern user logins for librarians) are locked down with strict access only as needed
No production data is used in test or development environments
We hope this information will assure you of our determination in providing a highly secured experience to both the librarians and the patrons.
If you are interested to hear more, please visit this Privacy FAQs article to understand how the extension works and the related privacy questions.