Ensuring our platform remains secure is vital and protecting your information is our highest priority.

Company security

Good security starts with the people. All our employees are trained to our security and data privacy protocols. Access rights are based on employee’s job function and role.

Sensitive secrets and information is never stored unencrypted. Access to servers is limited, strictly monitored and fully logged.

Two factor authentification is mandatory for all employee accounts for internal apps as well as third-party services.

System security

Web connections to the Kantree service are via TLS 1.2 and above. We support forward secrecy and AES-GCM, and prohibit insecure connections using TLS 1.1 and below or RC4. We have an A+ score from SSLlabs.

Penetration tests are automatically performed on a weekly basis. We follow OWASP best practives.

Database is encrypted at rest. All passwords are hashed using bcrypt.

Access to servers is performed using SSH with certificate only authentification. Each allowed system administrator has its own certificate.

Access to customer data is only done if requested by the customer and logged.

OVH provides DDoS protection.

Data center security

Kantree is hosted by OVH in France. OVH is one of the largest hosting provider in the world and use state of the art security at its data center locations.

You can read more about security at OVH on their Security page.

Files and backups are hosted in AWS S3 at their Ireland data center. Amazon also provides state of the art security for all their data center. Read more on their security page.

Backup & recovery

We perform daily backups of our database, encrypt them in place (AES256) and then store them in AWS S3.

Recovery procedures are tested every quarter.

Privacy

See our Privacy Policy.

Availability

We are committed to making Kantree consistently available to you and your teams. Our systems are constantly monitored to keep your work uninterrupted. You can always monitor our availability at our status page.