Security Overview
Sander Improvement Software AB
Flare Plugin Suite
Document Type: Security Overview (Informational)
Version: 2026-01-30
Status: Non-contractual — subject to change
Purpose and Scope
This document provides a high-level overview of the security posture and typical operational characteristics of the Flare Plugin Suite developed by Sander Improvement Software AB. It is intended for general vendor risk assessment and informational purposes only.
This overview reflects current design intentions and common operating patterns at the time of publication and does not constitute a guarantee, certification, or contractual commitment.
1. Product Architecture Overview
The Flare Plugin Suite consists of locally installed desktop plugins that run inside MadCap Flare. The plugins function as workflow and productivity tools rather than hosted platforms or centralized data services.
Key architectural characteristics include:
- Execution within the customer’s local Flare environment
- No centralized storage of customer document content
- No hosted document repositories operated by Sander Improvement Software AB
Customer documents and Flare project content are processed within the customer’s own environment. Operating systems, endpoint security tools, or third-party software may generate their own artifacts outside the control of the plugins.
2. Data Handling Principles
The plugins are designed using a data-minimization approach. They are not intended to collect or process personal data beyond what is necessary for licensing and basic operation.
Personal or billing data associated with purchases is processed primarily by third-party Merchants of Record acting under their own policies.
3. Local Logs and Diagnostics
Some plugins may generate local diagnostic or error logs for troubleshooting purposes.
Typical characteristics:
- Logs are written locally on the user’s system
- Logs are not automatically transmitted to Sander Improvement Software AB
- Users may choose to share logs manually when requesting support
The content and retention of such logs depend on configuration, operating system behavior, and user actions.
4. Telemetry and Tracking
The plugins are not designed to rely on behavioral analytics, profiling, or usage telemetry to function. They do not intentionally embed tracking scripts or advertising mechanisms.
5. External Communications
Under normal operation, limited outbound network communication may occur for purposes such as:
- License validation
- Version or compatibility checks
Such communication is performed over encrypted connections (e.g., HTTPS/TLS). Customer document content is not intentionally included in these requests.
Network activity generated by the operating system, antivirus software, proxies, or other tools is outside the scope of this document.
6. Infrastructure and Access Controls
Services operated directly by Sander Improvement Software AB (such as licensing endpoints) are hosted with third-party providers.
Security controls typically include:
- Restricted administrative access
- Use of strong, unique credentials
- Multi-factor authentication where supported by the provider
Operational responsibilities are limited in scope and managed by designated roles.
7. Software Integrity and Dependencies
Plugin binaries and installers are digitally signed using a commercial code-signing certificate.
Development characteristics include:
- Use of standard .NET assemblies compatible with MadCap Flare
- Bundled dependencies included at build time
- No intentional dynamic loading of executable code from external sources at runtime
Third-party libraries are selected from commonly used ecosystems and distributed under their respective licenses.
8. Development and Release Practices
The development process aims to keep the codebase small, auditable, and predictable.
Typical practices include:
- Review of changes prior to release
- Code signing before distribution
- Testing against supported MadCap Flare versions
Updates are generally user-initiated and installed manually.
9. Logging, Monitoring, and Incident Handling
Operational visibility for licensing and distribution services depends in part on third-party platforms and hosting providers.
If a security issue affecting licensing or distribution is identified, response actions may include:
- Assessing scope and impact
- Implementing corrective or mitigating measures
- Communicating with affected users where appropriate and feasible
Response actions are performed on a best-effort basis and depend on the nature of the issue and available information.
10. Business Continuity
Sander Improvement Software AB maintains backups of materials required to rebuild and redistribute supported plugins, such as source code and release artifacts.
Recovery approaches are designed to reduce single-point-of-failure risk but do not constitute uptime or availability guarantees.
11. Sub-Processors
Certain services rely on independent third-party providers acting under their own security and compliance frameworks, including providers for:
- License management
- Payment processing
- Hosting infrastructure
Sander Improvement Software AB does not control the internal security practices of these providers.
12. Security Questionnaires
Where appropriate, Sander Improvement Software AB may provide responses aligned with commonly used vendor security questionnaires (such as SIG Lite or CSA CAIQ) on a best-effort basis. Such responses are informational and may require a non-disclosure agreement.
Requests can be directed to: urgent@improvementsoft.com
13. Disclaimer
This document is provided for informational purposes only and does not create warranties, representations, or contractual obligations. Actual behavior may vary depending on configuration, environment, third-party services, and user actions.