At Knowa we take the security and privacy of our users’ data very seriously, and for good reasons. We are constantly monitoring and improving Knowa to meet the growing demands and challenges of security and cybercrime. Every person and team using our service expects their data to be secure and confidential and as such we have gone to extensive measures to protect it. As a rule we don’t like to expose too much information about our security practices, however we understand that security is very important to our customers, so we decided to share the following information. We hope you find it useful.
Taking your security seriously
All user data is transported securely, as all traffic is encrypted in transit via SSL. Encrypting the data protects it from unauthorised modification and man-in-the-middle attacks. We use 256-bit SSL/TLS.1.2 encryption, utilising both the ECDSA and RSA algorithms.
Our hosting environment is fully-redundant with disaster recovery procedures. Our cloud hosting providers maintain multiple certifications for their data centres and comply with international regulatory standards including ISO 27001, ISO 27018, SOC 1 (SSAE 16), PCI DSS, FedRAMP and HIPAA.
Our servers are located in Dublin and London and backed up hourly.
People and Access
The privacy of your data is a big deal to us and it is in the interest of Knowa to reassure users that there will never be unauthorised access. Without exception, no one (no employee, contractor or partner of Knowa) will have access to any account and user data or communications stored on the Knowa platform.
In the event of required support, specific data and communications will be accessed only with explicit signed authorisation from an account owner. In such an event this will be carried out by a named person or set of persons within Knowa support.
Logging and Monitoring
All login and server access to account and user information is logged in real time and is permanently immutable. These logs can be be requested for auditing at any time by account owners and administrators so you can always verify that no unauthorized access has happened.
We continuously monitor event logs, notifications and alerts from all our systems in order to prevent threats.
The Knowa development team employs the latest secure coding techniques and best practices. All developers are formally trained in secure web application development practices.
Development, testing and production environments are kept separate. All changes are peer reviewed and logged for performance and audit purposes prior to deployment into the production environment.