Last updated: 18 December 2018
It is extremely important to Kapta that customer data be handled in a way to ensure:
– It is not accessed by anyone that isn’t authorized.
– It is transmitted to/from the customer environment in a secure manner.
– It is stored in a physical/logical secured environment as required by the classification of the data.
– It is only used for the purpose that the data was intended to be accessed for.
– The data is securely destroyed when it is no longer needed in a manner that makes it nearly impossible to retrieve through publicly available data retrieval methods.
Encryption of Data
Kapta utilizes some of the most advanced technology for Internet security available today. When you access our site, Transport Layer Security (TLS) technology, also known as HTTPS, protects your information using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered Users in your organization. Your data is encrypted both in transit and at rest and will be completely inaccessible to unauthorized users.
Cookies and Passwords
Kapta provides each User in your organization with a unique user name and password that must be entered each time a User logs on, unless specified by the user to keep the session alive. In that case Kapta issues a session “cookie” only to record encrypted authentication information for the duration of a specific session. The session “cookie” does not include either the username or password of the user. Kapta does not use “cookies” to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs. Kapta enforces a strong password policy.
Hosting and Physical Security
Kapta is hosted in a secure server environment using world-class, SOC 2 accredited data centers provided by Amazon Web Services that uses a firewall and other advanced technology to prevent interference or access from outside intruders.
Kapta performs regular penetration tests and remediate according to severity for any results found.
Privacy and Security Policies
Kapta has established a privacy program designed to help respect and protect your data privacy rights. We maintain administrative, technical and physical safeguards intended to protect against the loss, misuse, unauthorized access, alteration, or disclosure of Personal Information. Kapta regularly reviews and updates its information security policies, at least on an annual basis.
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Kapta learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.
Kapta conducts background screening at the time of hire. In addition, Kapta communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.
Although we take such precautions seriously, it is impossible for us to guarantee the safety and security of Personal Information. We cannot ensure or warrant the security of any information. Since our subscribers control their users and their data, it is important for the users to practice sound security practices by using strong account passwords and restricting access to their accounts to authorized persons.