Security Policy
All our customers have a natural and high expectation when it comes to our services and the security we provide. Therefore, it is of the highest importance for us to protect our customer’s data. Consequently, we do our utmost every day to maintain their trust in the service, security, and platform we provide. We furthermore urge you to also read about our privacy policies,
Overview
All our customers have a natural and high expectation when it comes to our services and the security we provide. Therefore, it is of the highest importance for us to protect our customer’s data. Consequently, we do our utmost every day to maintain their trust in the service, security, and platform we provide. We furthermore urge you to also read about our privacy policies. .
Infrastructure
At NOKRs we run our services in the cloud and, as such, outsource our infrastructure. Our chosen provider Digital Ocean is certified in the international standard ISO/IEC 27001:2013. By achieving compliance with this globally recognized information security controls framework, audited by a third-party, our infrastructure provider has demonstrated a commitment to protecting sensitive customer and company information. Please visit their site: www.digitalocean.com/legal/ for more information regarding compliance and security matters.
EU-U.S. and Swiss-U.S. Privacy Shield Certification
We are an active participant in and comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce and the European Commission.
Server access
It is only possible for the owner and lead developer of NOKRs to access the server files & database through SSH key pairs only. This means that access is only allowed if the connecting users key matches the key on the server.
Authentication and network
Encryption in transit
All application network traffic is secured behind SSL (Https protocol).
When browsing the NOKRS application, your browser and the webserver establishes an SSL connection using a process called (SSL Handshake). This handshake ensures that only your browser and the webserver can encrypt and decrypt any data going back and forth.
Therefore, data in transit can not be read, altered, or decrypted by third parties.
Encryption and passwords
All passwords are encrypted using BCRYPT, which is far more secure than any SHA hashing.
Passwords are stored in our database as an encrypted hash, using the BCRYPT algorithm. This type of encryption is almost impossible to brute force and requires tremendous amounts of computing power to do. Passwords are never stored unencrypted.
Furthermore, users of NOKRs can use two-factor authentification (2FA) when they access their data and thereby enhance security. This feature is an add-on service delivered as an opt-in solution.