Kotopro is safe to use. It meets strict data protection requirements.
Kotopro is a cloud service that collects and records time-stamped information, images and attachments in fixed formats. This data could be organized according to customer specific structures and shared with multiple participants. We have paid special attention to data protection and are constantly following the developments of the industry.
Compliance with regulations
The Kotopro system has been notified to the data protection commissioner as required by sections 36, sections 3 and 37 of the personal data act. Descriptions of personal data registers all available for all personal data processing. The Kotopro system has been registered in the statutory Valvira register for electronic information systems in category B. Kotopro handles personal data responsibly and complies with applicable Data Protection Regulations.
Access rights and authentication
An email address and password are used to authenticate the user. Each company has its own operating environment and each user is assigned an access level in the operating environment. Access rights limit the user’s general access rights in the company, as well as ownership, viewing and editing rights for individual objects. It is possible to share objects in the operating environment to users outside the company. These users get access only to the shared object.
The program stores log data and analytics of its usage. The log data stores the time, user information, where the program was viewed or modified, and the IP address from which it was used.
Data transfer security
Data transfer between the client device and the application server is always done over a secure HTTPS / TLS connection, using modern encryption algorithms with a 2048-bit encryption key. Data transmission between Kotopro’s servers is also always encrypted.
All data stored in Kotopro is backed up regularly or is automatically backed up in a multi-location distributed system. Depending on the nature of the damage, individual objects can be restored from backups or the entire system if necessary. Images, files and backups stored on the service are encrypted at rest.
Servers and third parties
Kotopro uses reliable and secure external service providers to provide the service. Service providers are responsible for the physical security of the servers, their security updates and compliance. Kotopro is for its part responsible for security updates and access control. The systems are updated regularly. Our servers are located in the EU. The service providers used by Kotopro are Amazon Web Services, Linode and IBM Compose. In addition to these, we use the following services in providing other functionality: Sendgrid, DocRaptor, Help Scout and New Relic.