Industry-standard trust principles
Klaus has successfully completed its SOC 2 Type I audit for controls relevant to security, availability, and confidentiality. This means that an independent third party has both validated our processes and practices, and confirmed our ability to maintain compliance with the controls we’ve implemented.
Klaus’ SOC 2 Report is available upon request and under an NDA.
A company built in a GDPR world
Born in Europe, Klaus was just a kitten when the GDPR was passed so Klaus doesn’t even know a world where personal data wouldn’t have to be treated with the utmost respect.
We’ve designed processes from the ground up to comply with our obligations to customers and data subjects both as a processor and a controller (and we know the difference between the two).
We keep customer data in the EU region of the Google Cloud (ISO/IEC 27001 certified) and carefully vet any service providers that process personal data for us.
You have full control over your data
Data minimization is fundamental to security and privacy. We’ve got a bunch of options to prevent the processing of data you don’t need for review purposes – you can easily configure these as you connect your customer conversation platform.
Additionally, our role management features provide admins granular control over what other users can see and do on the platform. If you want to delete your data, that’s just a push of a button with a clever confirmation to avoid accidents.
Secure Google Cloud with all the bells and whistles
Klaus runs on cutting-edge technology in the Google Cloud making use of best practices and tools that ensure your data and the conversations are kept safe – what happens in Klaus, stays in Klaus. But you can always invite your teammates to Klaus if you want to share something pawsome 😉
The tech details
We’ve got GCP security services in place to protect against attacks and abuse, such as DDoS attacks and the top 10 risks identified by OWASP. Servers are hardened with restrictive firewalls, and allow only secure logins, and maintain audit logs of all issued commands.
Strict identity and access management rules and our use of Google’s Identity-Aware Proxy ensure that only cool cats (i.e. authorized users) can access the Klaus resources.
Regular vulnerability scans are run by a dedicated tool and we use tools like Google Container Analysis so patches get done quickly as a point of pride for our engineering team.
Klaus forces HTTPS for all services using TLS 1.2+ (SSL), including our public website and our app, to keep your data safely encrypted in transit. Your data is also encrypted at rest with LUKS. We use HSTS to ensure browsers interact with Klaus only over HTTPS. We use various other HTTP security headers to keep our network traffic as restricted as possible.
We send you emails only from klausapp.com addresses and we have set up DMARC reject mode to make it hard for criminals to send phishing emails from our domain.