Data Security
Compliance with regulations
The Kotopro system has been notified to the data protection commissioner as required by sections 36, sections 3, and 37 of the Personal Data Act. Descriptions of personal data registers are available for all personal data processing. Kotopro handles personal data responsibly and complies with applicable data protection regulations.
Access rights and authentication
An email address and password are used to authenticate the user. Each company has its own operating environment, and each user is assigned an access level in the operating environment. Access rights limit the user’s general access rights in the company, as well as ownership, viewing, and editing rights for individual objects. It is possible to share objects in the operating environment with users outside the company. These users get access only to the shared object.
Log data
The program stores log data and analytics of its usage. The log data stores the time, user information, where the program was viewed or modified, and the IP address from which it was used.
Data transfer security
Data transfer between the client device and the application server always takes place over a secure HTTPS/TLS connection, using modern encryption algorithms with a 2048-bit encryption key. Data transmission between Kotopro’s servers is also always encrypted.
Backups
All data stored in Kotopro is backed up regularly or is automatically backed up in a multi-location distributed system. Depending on the nature of the damage, individual objects or, if necessary, the entire system can be restored from backups.
Servers and third parties
Kotopro uses reliable and secure external service providers to provide the service. Service providers are responsible for the physical security of the servers, their security updates, and compliance. Kotopro is, for its part, responsible for security updates and access control. The systems are updated regularly. Our servers are located in the EU. The service providers used by Kotopro are Amazon Web Services, Linode, and IBM Compose. In addition to these, we use the following services to provide other functionalities: Sendgrid, DocRaptor, Help Scout, and New Relic.