Security Statement

Last updated: 18 December 2018

Kapta, Inc. (“Kapta” or “we”) values the trust that our customers place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices, detailed below. Our Privacy Policy further details the ways we handle your data.

It is extremely important to Kapta that customer data be handled in a way that ensures:

– It is not accessed by anyone who isn’t authorized.

– It is transmitted to/from the customer environment in a secure manner.

– It is stored in a physical/logical secured environment as required by the classification of the data.

– It is used only for the purpose for which access to the data was intended.

– The data is securely destroyed when it is no longer needed in a manner that makes it nearly impossible to retrieve through publicly available data retrieval methods.

Encryption of Data

Kapta utilizes some of the most advanced technology for Internet security available today. When you access our site, Transport Layer Security (TLS) technology, also known as HTTPS, protects your information using both server authentication and data encryption, ensuring that your data is safe, secure, and available only to registered Users in your organization. Your data is encrypted both in transit and at rest and will be completely inaccessible to unauthorized users.

Cookies and Passwords

Kapta provides each User in your organization with a unique username and password that must be entered each time the User logs on, unless the User chooses to keep the session alive. In that case Kapta issues a session “cookie” only to record encrypted authentication information for the duration of a specific session. The session “cookie” does not include either the username or password of the User. Kapta does not use “cookies” to store other confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs. Kapta enforces a strong password policy.

Hosting and Physical Security

Kapta is hosted in world-class, SOC 2 accredited data centers provided by Amazon Web Services, in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders.

Penetration Tests

Kapta performs regular penetration tests and remediates any findings according to severity.

Privacy and Security Policies

Kapta has established a privacy program designed to help respect and protect your data privacy rights. We maintain administrative, technical and physical safeguards intended to protect against the loss, misuse, unauthorized access, alteration, or disclosure of Personal Information. Kapta regularly reviews and updates its information security policies, at least on an annual basis.

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Kapta learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.

Kapta conducts background screening at the time of hire. In addition, Kapta communicates its information security policies to all personnel (who must acknowledge this), requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.

Your Responsibilities

Although we take such precautions seriously, it is impossible for us to guarantee the safety and security of Personal Information. We cannot ensure or warrant the security of any information. Since our subscribers control their users and their data, it is important for users to follow sound security practices by using strong account passwords and restricting access to their accounts to authorized persons.