Security Policy

Security

Kauneonga LLC

Last Updated March 3, 2024

We often get questions from our users about our security practices and what we’re doing to protect their data. And though we don’t want to reveal too much of what we do behind the curtain, we want to lay out some of the most important things we do to protect your data and also what you can do to protect your own data when using Kauneonga’s products.

What we do to protect your data:

Data Handling

We take handling your data very seriously. We classify all data, and our employees are trained on proper handling of your (and our) data. Our employees are granted access to systems that hold your data on a “need-to-know” basis (i.e. if required to perform their job). Employees who have access to systems that hold your data are required to use strong passwords and multi-factor authentication.

Data Encryption

We encrypt all communication between you and our applications using industry-standard SSL/TLS encryption. Our cloud database provider encrypts all cluster storage and snapshot volumes, securing all cluster data on disk: a concept known as encryption at rest. We hash all passwords and have no way to decrypt them, so if you forget your password, resetting it is the only option. We store all your data in ISO 27001 compliant data centers in the United States through AWS.

Password Policy

Liberty Platform passwords are hashed and require a minimum of 8 characters, maximum of 64 characters, 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character.

Credit Card Safety

When you purchase a paid subscription with Kauneonga, we neither store nor transmit your credit card information. We use Stripe, a PCI-DSS Level 1 compliant payment processor, to handle all credit card transactions.

We Care

One of our core values is that we care. We care about our customers, we care about our vendors, we care about our employees, and we care about doing the right thing. We embody this by keeping our technical stack, our application, and our business processes lean and free of unnecessary complexity. We automate as many testing, deployment, and backup processes as possible to reduce human error. New code is seen by at least two pairs of eyes before being deployed to staging and evaluated against our secure coding standards. We regularly tear out code that has reached the end of its usefulness to keep our application simple, elegant, and secure. From staging, new code is tested through a strict quality assurance process and, if approved, prepared for a final code review and approval, again by at least two pairs of eyes as well as our executive team, before being deployed to production.

We Strive To Exceed Expectations

Another of our core values is that we strive to exceed expectations. Our engineering staff are constantly evaluating and integrating new technologies into our stack and application to create the best possible user experience and to increase security.

Monitoring

Our application keeps logs of user access (user logins and IPs) and many other activities. We actively monitor security issues and releases of our technical stack and deploy patches as quickly as possible. We utilize multiple types of logging to monitor the live (and past) state of our application to help detect and recover from any security events.

We do more

This is not a comprehensive list of all security measures we keep to safeguard your data. If you have any more questions, please contact us; we’re glad to review and answer them.

What you can do to protect your data:

Use Multi-factor Authentication

Our application allows you and your colleagues to enable multi-factor authentication for all user types, which helps prevent unauthorized access.

User Management

The Liberty Platform allows admins to activate new users and deactivate non-existing users. It is recommended that you deactivate all users who are no longer actively using or no longer authorized to access the system.

Endpoint & Malware Protection

We recommend an active commercial antivirus program with the latest virus definition file on all workstations.

Updates and Configuration Management

It is a best practice to stay up to date on operating system updates and security patches as well as browser updates. Customers are responsible for configuring and maintaining their own internal systems.

Continuing Education

Kauneonga trains Kauneonga employees, but customers must train their own employees.

Learn about privacy settings

For any privacy inquiries, you can take a look at our privacy policy here. Feel free to email us for any additional questions at [email protected].

Reporting security issues

If you believe you’ve found something in Kauneonga’s Liberty Platform that has security implications, please report it to us per our Responsible Disclosure Policy.

* MFA is included with all plans for all users.

** Application events are logged for all accounts, but these are not accessible by clients.