Encryption in transit

We have best-in-class security, periodic audits, and continuous monitoring to ensure that your data is always secure. Krank uses SPRINTO to stay ISO 27001 and GDPR (EU) compliant.

Secure
infrastructure / Application

Krank’s computing infrastructure is provided by AWS, a secure cloud services platform. AWS’s physical infrastructure has been accredited under SOC 2, ISO 27001, PCI Level 1 and FISMA Moderate.

Vulnerability
Scanning & Patching

We periodically check and apply patches for third-party software/services. As and when vulnerabilities are discovered we apply the fixes within pre-defined SLAs.

Penetration Testing

We conduct periodic penetration tests to ensure the security posture and uncover potential vulnerabilities, using the services of an independent, qualified third party VAPT service.

Data Encryption

All sensitive data is encrypted at rest with AES. All user passwords are securely hashed; passwords are never stored in plain text.

Application access

All data access to Krank is protected by a role-based access-control (RBAC) system, which only lets users view data for which they have permission. It’s impossible for users to view data from organizations other than their own.

Access Control

All access to our production infrastructure requires multi-factor authentication and is restricted to authorized personnel only. We limit access to customer data to the employees who need it to provide support and troubleshooting on the customer’s behalf. Accessing customer data is done solely on an as-needed basis.

Security Training

All Krank personnel are required to undergo a security training, specifically designed for a cloud-hosted setup. It covers industry best practices around typical human-based-attack vectors involving phishing, passwords, attachments etc.

Disclosure

We are committed to making our system secure.
If you find a security issue, please send it to security@krank.com. We will make sure the issue is fixed and updated at the earliest.