IDENTITY & ACCESS MANAGEMENT Any connection to the Kraaft application is encrypted end-to-end with SSL (Secure Sockets Layer) Certificates guaranteeing the integrity of all web requests and ensuring any information is transmitted securely to our servers.
Any access to the Kraaft application (except the access to login and sign up pages) is secured by authentication (email/password, phone or SSO) and every request made by the application to our servers is secured by authentication tokens.
DATA PROTECTION Data hosting Our servers and data are hosted on the Google infrastructure. The location is Europe West 1 (Belgium) and Europe West 6 (Switzerland). Security rules are carefully implemented on servers.
Data Loss Prevention policy (DLP) Our Data is automatically backed up on a daily basis with a 30-day retention period. Internal protocols and access control Our platform provides role-based access control (RBAC) features, allowing to set user-specific access and editing permissions for your data. This system enables an access control-based, fine-grained, enforced segregation of duties within an organisation.
Dependency Management We automatically monitor for any security issues within our source code and infrastructure and apply any patch within 24h.
Best Practices We protect our web applications by filtering malicious web traffic based on IP addresses, HTTP headers, HTTP body, or URI strings, which allows blocking common attack patterns, such as SQL injection or cross-site scripting. We also have measures to implement DDoS and MITM protection via highly available load balancers and a robust SSL/TLS infrastructure.