Data Security

Regulatory compliance

Kotopro complies with the data protection legislation in force in Finland when processing personal data and processes all personal data confidentially and responsibly.

Access rights and authentication

An email address and password are used to authenticate the user. Each company has its own operating environment, and each user is assigned an access level in the operating environment. Access rights limit the user’s general access rights in the company, as well as ownership, viewing, and editing rights for individual objects. It is possible to share objects in the operating environment with users outside the company. These users get access only to the shared object.

Log data

The program stores log data and analytics of its usage. The log data stores the time, user information, where the program was viewed or modified, and the IP address from which it was used.

Data transfer security

Data transfer between the client device and the application server is always done over a secure HTTPS / TLS connection, using modern encryption algorithms with a 2048-bit encryption key. Data transmission between Kotopro’s servers is also always encrypted.

Backups

All data stored in Kotopro is backed up regularly or is automatically backed up in a multi-location distributed system. Depending on the nature of the damage, individual objects can be restored from backups or the entire system if necessary.

Services and third parties

Kotopro uses external reliable and secure service providers to provide the service, who are responsible for the physical security of the servers, information security updates and compliance.

We have made appropriate agreements with service providers. Kotopro is responsible for our own information security updates and user rights management. The systems are updated regularly.

Our services are mainly located in the EU. The service providers used by Kotopro are Amazon Web Services, MongoDB Atlas and Elastic Cloud. In addition to these, we use the following US-based services outside the EU: Sendgrid (in-app emails), DocRaptor (PDF printing service) and Help Scout (helpdesk system).