Trust Center

Security

Infrastructure Security

KNOWRON leverages Amazon S3 cloud storage services within European Union data centers.
‍
KNOWRON utilizes Azure virtual machines for secure hosting of production systems.
‍
Data Encryption: All data is encrypted in transit and at rest. Data transfer is protected using the industry-standard TLS 1.2 protocol, while data at rest in AWS and production databases are encrypted using AES-256 server-side encryption.
‍
Tenant Isolation: KNOWRON utilizes a multi-tenancy architecture to process and store data for different clients separately. Each client’s data is uniquely assigned and identified through the use of a unique identifier, such as a “Client ID”.
‍
Network Security: By establishing virtual networks and subnets with secure policies and firewall rules, networks are managed and controlled to protect information in systems and applications.

Product Security

Secure Development Lifecycle: KNOWRON has established a set of documented policies and procedures for its Software Development Life Cycle (SDLC) to guide staff in documenting and implementing changes to applications and infrastructure. These procedures cover initiating and requesting changes, documentation requirements, development practices, quality assurance testing, and the necessary approval processes.
‍
Vulnerability Management: KNOWRON continually works to identify and fix security vulnerabilities in our product and infrastructure.
‍
Role Based Access Control (RBAC): Users can only access relevant modules of the product as based upon their role and assigned permissions by the organizations administrator
‍
Audit Logs: KNOWRON logs user activities that occur within its product
‍
Environment Segregation: We maintain a distinct QA environment that is independent from our Production environment.

Data Security

Access Monitoring: Our security measures include comprehensive audit logging for network traffic, infrastructure modifications, and data access attempts. These logs are regularly reviewed and maintained to ensure their effectiveness.
‍
Backups Enabled: Customer data is backed up automatically using MongoDB Cloud and Elastic Cloud snapshots. Access to backups is restricted to authorised employees only.
‍
Protection of records: Customer data is protected from loss, destruction, falsification, unauthorized access, and unauthorized release, in accordance with legislatory, regulatory, contractual, and business requirements.
‍
Based on the principle of least privilege, we limit employees access to data and tools to only what is strictly necessary to do their jobs.
‍
Data Erasure: Customer data is kept for as long as you remain an active customer. Upon receiving a written request from a customer or after a predetermined period following the end of all customer contracts, this data is deleted from our live databases. Data in replicas, snapshots, and backups is not actively deleted but rather gradually phases out through natural data lifecycle processes. KNOWRON may keep certain data such as logs and associated metadata to fulfill security, compliance, or legal obligations.

Organizational Security

Employee Security Trainings: All employees receive appropriate information security awareness, education, and trainings, as relevant for their job function.
‍
Confidentiality Agreements: All personal working at KNOWRON are required to sign confidentiality agreement prior to onboarding.
‍
Asset Management: Employee assets are safeguarded against malware and theft by implementing robust security measures such as advanced anti-malware software, encryption of drives and strict access controls.

Security Policies

Backup Procedure: KNOWRON backs-up and tests copies of information, software and system images regularly in accordance with an agreed backup policy.
‍
Disaster Recovery plan: The organization shall verify the established and implemented information security continuity controls at regular intervals to ensure that they are valid and effective during adverse situations.Incident Response: KNOWRON’s team provides coverage to respond promptly to all security and privacy events.
‍
Incident response policies and procedures are in place to guide personnel in reporting and responding to incidents.
‍
Internal Assesments: We have established a formal risk assessment process that outlines the steps for identifying both internal and external threats and vulnerabilities, assessing and mitigating risks, and setting risk tolerance levels. This formal risk assessment is conducted at least annually to pinpoint internal and external threats and vulnerabilities that could compromise system commitments and requirements.
‍
Vendor Management: At KNOWRON, we utilize a variety of third-party service providers to assist with both product development and internal operations. We have implemented a vendor management program to guarantee that adequate security and privacy measures are maintained. This program involves cataloging, monitoring, and assessing the security protocols of the vendors who collaborate with KNOWRON.

Resources

Unlock all the resources and get access: contact us at security@knowron.com

Privacy Policy

Your privacy is important to us: our privacy policy explains how we protect your data.
Request Privacy Policy

Acceptable Use Policy

Our usage guidelines: For safe and fair use of our services.
Request Acceptable Use Policy

Terms of Service

Our terms of use: Your rights and obligations at a glance.
Request Terms of Service

Asset Management Policy

Asset management policy: Efficient and secure management of company resources.
Request Asset Management Policy

Security Overview Document

Security overview: How we protect your data and systems.
Request Security Overview Document

ISO Certificate

ISO certificate: Our commitment to the highest quality standards.
Request ISO Certificate

Privacy Policy

Your privacy is important to us: our privacy policy explains how we protect your data.
Request Privacy Policy

Acceptable Use Policy

Our usage guidelines: For safe and fair use of our services.
Request Acceptable Use Policy

Terms of Service

Our terms of use: Your rights and obligations at a glance.
Request Terms of Service

Asset Management Policy

Asset management policy: Efficient and secure management of company resources.
Request Asset Management Policy

Security Overview Document

Security overview: How we protect your data and systems.
Request Security Overview Document

ISO Certificate

ISO certificate: Our commitment to the highest quality standards.
Request ISO Certificate

Data Privacy at KNOWRON: FAQs

Where is the data stored?

The tool data is stored entirely within the EU, specifically in Germany. Documents may be delivered through a Content Delivery Network (CDN) to optimize loading speed. Access to your data is restricted to our clients.

What user data do we store?

At KNOWRON, we prioritize transparency and trust with our users. Our data collection processes are dedicated to enhancing our products and services, ensuring functionality and improving user experience. This includes the analysis of query and usage data to address technical issues promptly and refine our products to better align with user preferences, customer ID and employee ID information. We do not store personal health or credit card information.

How do we process information (GDPR)?

At our software company, we collect two types of data: voluntary feedback and usage analytics. The voluntary feedback we receive helps us understand what users like about our product and what can be improved. The usage analytics provide us with information about how users are interacting with the app and its features.

Please note that we do not collect any personal information, such as user identification or sensitive data. All the data we collect is related to the product and its setup. We take data privacy seriously and are committed to protecting our users' information.

How do you ensure that the documents stay up to date?

Our software product can integrate with your data management system and automatically update it, so you don't have to worry about manual updates. As long as you're connected to the internet, you'll always have access to the most up-to-date version of your documents. No need to manually check for updates or download new versions - it's all taken care of by our system.

What is the architecture being used in the system?

Our platform is hosted on a range of reputable cloud providers, including Heroku, AWS, Azure, and Google. These providers offer dedicated servers located within the EU, ensuring high performance and low latency for our users. If you require more information about our cloud services or specific provider breakdowns, please do not hesitate to reach out to us. Our team is always happy to assist you with any questions you may have. Just send us a question on the bottom of this page.

Is information protected from physical and environmental threats?

Yes, we comply with various standards including A.7.2, A.7.3, A.7.7, A.7.11, and A.7.12, ensuring physical and environmental security. Our measures include securing offices and facilities, maintaining clear desks and screens, and providing support during power failures and disruptions.

Can you provide certificates or audit reports for conformity with international standards?

We are ISO 27001 certified. The certificate can be furnished upon request by our sales team.

Compliance

Security

Resources

Resources

Privacy Policy

Acceptable Use Policy

Terms of Service

Asset Management Policy

Security Overview Document

ISO Certificate

Privacy Policy

Acceptable Use Policy

Terms of Service

Asset Management Policy

Security Overview Document

ISO Certificate

Resiliance

Resilience at scale

Data Privacy at KNOWRON: FAQs

Product

Resources