Security & Infrastructure

Encryption

Encryption means that your data is encoded in such a way that to the naked eye it looks like gibberish.

For example, if you encrypted this sentence it may look like this:

8WAtp8nUEOrzSu67t9tGITEzIdgr6huIpXqofo0rv2w9y3DzSu67A=

Any encrypted data must be decrypted in order to be read. By encrypting your data we’re ensuring that only authorized parties (that’s you!) can read it.

Encryption in transit – We encrypt all data as it moves between our servers and the web browser.

Our API’s are fully encrypted so every request to view or update your records automatically encrypts that data behind the scenes.

Encryption at rest – We encrypt all data that’s stored on our servers.

This includes both the records stored in our databases and search indexes as well as any files and images uploaded to your database.

Bank-level Encryption – We use both SHA-256 and AES-256 encryption, the strongest encryption available.

This is the same level of encryption that banks use.

Redundancy

Redundancy is usually a negative word: it means no longer useful or necessary.

In the data world, redundancy is very good word. A system with high redundancy means that there’s no single point of failure.

If any one component goes down, a redundant component can step right in with no noticeable difference.

For Knack this means that if one database fails you won’t start hearing from your angry users – other databases will pick up the workload.

Multiple Databases – We mitigate database failures by storing your data in multiple databases, so if one database goes down the other databases can pick up the slack.

Each change made to your database immediately propagates to these redundant versions.

Multiple Locations – Having multiple databases won’t help if they are all stored in a single location. One well placed meteor landing and those databases are gone.

We mitigate location failure by storing the extra databases in different geographic locations.

Offline Backups – we store physical backup files in a separate location from the servers as a final safeguard in case of major catastrophe.

These backups are made on a daily basis and are encrypted using AES-256 encryption keys.

Policies

Security doesn’t stop with infrastructure. Without the right polices around privacy and access, your data can still be susceptible to human error or compromise.

The same amount of attention to infrastructure and technology needs to be allocated to the people and policies responsible for running that technology.

We’ve carefully implemented security policies around your data’s privacy and about how our team can access that data.

Privacy – We maintain a privacy policy that outlines our commitment to respecting your privacy and the privacy of the information in your account.

Ultimately, the data in your account is not accessible to anyone, unless you make it accessible.

Data Ownership – you are the sole owner of your data and completely responsible for it.

We have no ownership of your data and can make no claims on it as long as you are following the terms of agreement.

NDA and Confidentiality – Each  employee signs non-disclosure and confidentiality agreements that provide legal backing for our obligation to keep your data private and confidential.

Development Silos – Our engineers work in a development environment that is completely separated from any live data. This way no bugs or errors have even the slightest potential to affect your data.

VPN Access – All access by employees to customer data is governed by a secure virtual private network. This access is monitored and can be revoked at any time, so even a stolen laptop presents no privacy risks.

Access Logging – Every access request to your data is logged and time-stamped. We can confirm exact access to any data in the unlikely case that this log is needed.