Thank you for using Kdan Mobile Software Ltd. (“Kdan”) products and services. Please read the following information to understand Kdan’s Security Policy:
We understand how important the security and privacy of your data is. We are dedicated to providing a reliable and secure environment on cloud storage space and all cloud-based applications and services. The information on this page is intended to provide transparency about how we protect user’s data when user using Kdan products or services.
We continue to perform security checks on a regular basis, including monitoring the infrastructure for suspicious activities or potential threats, examining the company's information security risks, updating the security model, and addressing new security issues. With this management process, we ensure that the security controls continue to meet the company's evolving information security needs.
We secure our network boundaries using a combination of load balancers, firewalls, and VPNs to control which services we expose to the Internet and to segment our production network from the rest of our computing infrastructure. We strongly authenticate and limit the access to our production infrastructure based on business needs to protect our data and network security. The firewalls are configured to serve as perimeter firewalls to block ports and protocols, and used in applications and the Cloud to shield them from attack and the loss of valuable user data.
An 8-digit password is required for your Kdan account (Kdan ID). We encourage you to choose a complex password that is different from any other site you log into and contains a mix of letters and numbers. We never store your password in plain text.
Please keep your password and or any personal information safe and do not provide any personal information, especially your password, to anyone.
Kdan uses several email domains to run services. Each domain serves a different purpose, such as sending system notifications, providing communications, or sharing marketing information.
When you receive an email from Kdan or our products, we want you to be sure it's from us instead of from hackers or phishing websites. If you receive an email from one of these domains, you can trust that it is from us:
We perform an in-depth analysis of security and privacy checks on any feature or code implemented into our systems or products. The code is saved into a Git version control repository and evaluated in a test environment before deploying into our production environment.
Our development team improves code security hygiene, and periodically assesses our service for common application security issues including: CSRF, injection attacks (XSS, SQLi), session management, URL redirection, and clickjacking. Our service authenticates all third party client applications using OAuth, which allows you to connect a third party application to your account without needing to give the application your login credentials. Once you authenticate Kdan's services successfully, we return an authentication token to the client to authenticate your access from that point forward. This eliminates the need for a third party application to store your username and password on your device.
Customer Data Security
(1) Kdan will limit the collection, storage and use of your Personal Data to only that what is necessary for the intended purposes.
(2) Kdan's server is hosted on the Amazon Web Services (AWS) infrastructure. AWS is a trustworthy service in the industry and has a detailed explanation of their security measures. You may find more information at the following links:
We know the data you store in Kdan's products or services is private and confidential. We have strict controls over who can access the internal data to make sure your data is safe and private. At the Kdan team, no one, other than authorized developers, can access our database. This happens only if it is necessary to solve client-related issues or optimize system performance.
We perform server-side logging of customer interaction with our services, including web server or application access, as well as activity logging through our API. You can contact our customer service to check the latest access time for each application linked to your account.
System Monitoring and Alerting
Kdan collects and stores production server logs to analyze and monitor the security status of our production infrastructure. Logs are stored and indexed in a separate network.
Kdan ensures our user data is protected at all times by encrypting data on all servers at rest or in transit. We use TLS v1.2 with strong ciphers to protect data and use AES-256 to encrypt data in transit. User passwords are hashed and salted with a modern hash function. By utilizing the technologies provided by Amazon Web Services (AWS), we make sure our user data is highly secured in the network.
We constantly backup user data on the AWS network. All data is backed up on a daily basis. Backups are encrypted and distributed to various locations, where they are retained for 30 days. Our data recovery plan runs on a daily basis.
Modifications to Security Policy
Considering the rapid development of technology, Kdan may update this Security Policy from time to time to reflect changes in law, technology or business development in accordance with relevant legal requirements. You agree that you will be responsible for examining this Security Policy on a regular basis. By continuing the use of Kdan’s products or services, you are deemed to accept the updated Security Policy. If you disagree with the updated Security Policy, please cease using Kdan’s products or services. When this Security Policy is updated, we will forthwith publish the updated version on Kdan’s website, and will notify our users via a Kdan App or email as soon as possible.
Physical Security Protocols
Kdan's system and user data are deployed and secured on the AWS network. Amazon data centers are built upon high standard technologies and follow the best security practices in the industry. The physical security controls are constructed strictly to avoid any system failure and retain the resilience of the computing center.
For more information about the AWS data centers, please refer to the following link: https://aws.amazon.com/compliance/data-center/data-centers
The Security Policy was last updated on October 23rd, 2023.