About this Article
This article provides an overview of the technical stack used by Templafy. Templafy’s technology is a cloud-born SaaS platform. It has the flexibility to integrate into existing document ecosystems – whether on-premise or already in the cloud. Templafy integrates into Microsoft Office 2016/2019, Microsoft Office 365, and Google Workspace. It can be configured and customized to meet the needs of any organization in the world – no matter the size.
Templafy is the content enablement platform enabling businesses to align workforces and employees to create better performing business content, faster. Templafy boosts company productivity by introducing centralized governance to the document creation workflow.
Front-end: TypeScript, React, WPF
Backend: .NET, ASP.NET Core, VSTO
Hosting: Azure, Docker, Kubernetes (AKS), Web Apps, Azure SQL, etc.
The website and backend are hosted on Microsoft Azure Kubernetes and store data in Azure Platform as a Service (PaaS).
Microsoft Azure is certified with ISO 27001 and PCI DSS, among others.
For more information on Microsoft Azure security and compliance:
Microsoft Azure provides an SLA of 99.95% for Kubernetes (website and API) and 99.99% for data storage.
For info on Microsoft SLA:
Templafy uses Microsoft Azure Kubernetes automatic scaling of websites.
New instances are automatically spun up based on activity on the web server.
Database and Azure backend features are configured for performance.
Templafy is hosted in multiple Azure Data Center regions:
North Europe and West Europe
Customers can request their tenant to be isolated to a specific region.
Data is stored in SQL Azure. Files are stored in Azure Blob storage.
Both types of storage are considered highly secure and reliable (e.g., all data is saved on 3 disks and has geo-redundancy to another data center within the geographical region).
The Microsoft Azure backend ensures that no other Microsoft Azure customer can access our data.
Isolated data containers for each customer/client, with no direct access, and a web-based access control system ensure that a user can only see data for the customer for which the user is signed on.
A role-based system ensures that a user can only perform tasks in the system for which the user has been assigned privileges.
All controllers in the system have authentication filters to ensure guest isolation.
All internal communication between server and client is SSL encrypted.
All data in transit is SSL (TLS) encrypted.
All data at rest is encrypted using Service Managed Keys (AES256).
Customer BYOK is not supported.
Open Source components
A selection of secure and qualified Open Source components is used, and these are constantly monitored for patches and security vulnerabilities.
Third party tools
A list of third parties used during the provision of the service can be found at https://www.templafy.com/data-processing-agreement/
Any SAML2-based authentication service (e.g. ADFS, Ping Federate, OKTA, Airwatch, etc.)
OpenID Connect providers like Microsoft Entra ID
OAuth 2.0-based authentication providers like Google
Templafy supports SCIM.
OpenID Connect via App in Microsoft Entra ID
ADFS, Ping Federate, OKTA, and SAML2
OpenID Connect
To find out more about our extensive security protections, see our AICPA SOC report: Service Organization Control Report on Controls Relevant to Security, Confidentiality, and Availability.
Templafy internal monitoring
All requests to servers are logged for a minimum of 1 year, including any operations performed by privileged admins. These are monitored continuously using a SIEM.
File types supported
docx, pptx, xlsx, pdf, jpg, png, svg. More file types are added continuously.
Ports used for communication between device and application
HTTPS (port 443) only