search

Compliance & Standards

Kaana's commitment to security standards and regulatory compliance.

hashtag
Security Standards

hashtag
Infrastructure Security

Our infrastructure follows industry best practices:

Standard
Description

SOC 2

Security, availability, and confidentiality controls

TLS 1.3

Latest encryption for data in transit

AES-256

Strong encryption for data at rest

hashtag
Application Security

  • Regular security assessments

  • Dependency vulnerability scanning

  • Secure development practices

  • Code review requirements

hashtag
Data Protection

hashtag
Encryption

All sensitive data is protected:

  • In Transit – TLS 1.3 encryption for all connections

  • At Rest – AES-256 encryption for stored data

  • Backups – Encrypted backup storage

hashtag
Access Controls

  • Role-based access control (RBAC)

  • Principle of least privilege

  • Regular access reviews

  • Multi-tenant data isolation

hashtag
Privacy Compliance

hashtag
General Practices

We follow privacy principles including:

  • Data minimization (collect only what's needed)

  • Purpose limitation (use data only as stated)

  • Transparency (clear privacy policies)

  • User rights (access, correction, deletion)

hashtag
Your Rights

Depending on your location, you may have rights to:

  • Know what data we collect

  • Access your personal data

  • Correct inaccurate data

  • Delete your data

  • Export your data

  • Restrict processing

Contact us to exercise these rights.

hashtag
Business Continuity

hashtag
Availability

  • High-availability infrastructure

  • Geographic redundancy

  • Automatic failover

  • Regular uptime monitoring

hashtag
Disaster Recovery

  • Regular automated backups

  • Point-in-time recovery capability

  • Tested recovery procedures

  • Recovery time objectives defined

hashtag
Data Backup

Backup Type
Frequency
Retention

Database

Continuous

30 days

Full backup

Daily

30 days

Archive

Weekly

90 days

hashtag
Vendor Management

hashtag
Third-Party Security

All vendors are evaluated for:

  • Security certifications

  • Data handling practices

  • Compliance status

  • Incident response capability

hashtag
Key Vendors

Vendor
Purpose
Compliance

Neon (PostgreSQL)

Database

SOC 2

Auth0

Authentication

SOC 2, ISO 27001

Stripe

Payments

PCI DSS Level 1

OpenAI

AI services

SOC 2

SendGrid

Email

SOC 2

hashtag
Incident Response

hashtag
Our Process

1

Detection

Identify and confirm the incident.

2

Containment

Limit the impact.

3

Investigation

Determine cause and scope.

4

Notification

Inform affected parties.

5

Remediation

Fix the issue.

6

Review

Prevent future occurrences.

hashtag
Notification

We will notify you promptly if:

  • Your data may have been compromised

  • A security incident affects your account

  • Action is required on your part

hashtag
Security Documentation

hashtag
Available Upon Request

For enterprise customers, we can provide:

  • Security questionnaire responses

  • Detailed architecture documentation

  • Compliance attestations

  • Penetration test summaries

Contact your account manager for access.

hashtag
Continuous Improvement

We continuously enhance our security:

  • Regular security training for staff

  • Ongoing vulnerability assessments

  • Security tool updates

  • Process improvements

hashtag
Questions?

chevron-rightHave compliance or security questions?hashtag

Contact our team for more information about our security practices.

PreviousAuthentication SecurityNextSecurity Settings

Last updated

Was this helpful?