Ensuring our platform remains secure is vital and protecting your information is our highest priority.
Good security starts with people. All our employees are trained on our security and data privacy protocols. Access rights are based on each employee’s job function and role.
Sensitive secrets and information are never stored unencrypted. Access to servers is limited, strictly monitored and fully logged.
Two-factor authentication is mandatory for all employee accounts, for internal apps as well as third-party services.
Web connections to the Kantree service use TLS 1.2 and above. We support forward secrecy and AES-GCM, and prohibit insecure connections using TLS 1.1 and below or RC4. We have an A+ score from SSL Labs.
Penetration tests are automatically performed on a weekly basis. We follow OWASP best practices.
The database is encrypted at rest. All passwords are hashed using bcrypt.
Access to servers is performed using SSH with certificate-only authentication. Each allowed system administrator has their own certificate.
Customer data is accessed only when requested by the customer, and that access is logged.
OVH provides DDoS protection.
Data center security
Kantree is hosted by OVH in France. OVH is one of the largest hosting providers in the world and uses state-of-the-art security at its data center locations.
Backup & recovery
We perform daily backups of our database, encrypt them in place (AES256) and then store them in AWS S3.
Recovery procedures are tested every quarter.
We are committed to making Kantree consistently available to you and your teams. Our systems are constantly monitored to keep your work uninterrupted. You can always monitor our availability at our status page.