DottedSign was developed by Kdan Mobile Software, Ltd., and uses Kdan Mobile's security model to protect user and company data. Please read the following information to learn more about Kdan's security capacities:
Thank you for using Kdan Mobile's products and services. We understand how important the security and privacy of your data is. We are dedicated to providing a reliable and secure environment on Kdan Cloud and all cloud-based applications and services. The information on this page is intended to provide transparency about how we protect data stored and processed in our system.
We continue to perform security checks on a regular basis, including monitoring the infrastructure for suspicious activities or potential threats, examining the company's information security risks, updating the security model, and addressing new security issues. With this management process, we ensure that the security controls continue to meet the company's evolving information security needs.
We secure our network boundaries using a combination of load balancers, firewalls, and VPNs to control which services we expose to the Internet and to segment our production network from the rest of our computing infrastructure. We strongly authenticate and limit the access to our production infrastructure based on business needs to protect our data and network security. The firewalls are configured to serve as perimeter firewalls to block ports and protocols, and used in applications and the Cloud to shield them from attack and the loss of valuable customer data.
Kdan Mobile requires an 8-digit password for your account (Kdan ID). We encourage you to choose a complex password that is different from any other site you log into and contains a mix of letters and numbers. We never store your password in plain text.
Kdan Mobile uses several email domains to run services. Each domain serves a different purpose, such as sending system notifications, providing communications, or sharing marketing information.
We perform an in-depth analysis of security and privacy checks on any feature or code implemented into our systems or products. The code is saved into a git version control repository and evaluated in a test environment before deploying into our production environment.
Our development team improves code security hygiene, and periodically assesses our service for common application security issues including: CSRF, injection attacks (XSS, SQLi), session management, URL redirection, and clickjacking. Our service authenticates all third party client applications using OAuth, which allows you to connect a third party application to your account without needing to give the application your login credentials. Once you authenticate Kdan Mobile's services successfully, we return an authentication token to the client to authenticate your access from that point forward. This eliminates the need for a third party application to store your username and password on your device.
Kdan Mobile retains all the files and content in your applications unless you take explicit steps to delete the files or remove the application from your device without backup. For information on how to delete files, please follow the instructions in the applications:
If you store files in Kdan Cloud, the files stored in the 500MB free cloud storage will always remain in the cloud storage unless you take actions to delete the files or request our customer support team to delete your Kdan account.
If you subscribe to Kdan's services and gain cloud storage based on your subscription plan and terminate your subscription at a later time, upon the expiration of subscription and the 60-day of Grace Period, Kdan may, at its sole discretion, delete or remove any and all files from the cloud storage. For information about the subscription expiration policies, please refer to our Terms of Service, titled "Subscription Expiration.”
If you would like to delete or deactivate your Kdan account, you may contact our support team at https://www.kdanmobile.com/contact. Please note that once your Kdan account is deleted, the files stored in Kdan Cloud storage will be deleted permanently.
Kdan's server is hosted on the Amazon Web Services (AWS) infrastructure. AWS is a trustworthy service in the industry and has a detailed explanation on their security measures. You may find more information in the following links:
We know the data you store in Kdan's service is private and confidential. We have strict controls over who can access the internal data to make sure your data is safe and private. At the Kdan team, no one, other than authorized developers, can access our database. This only happens if it is necessary to solve client-related issues or optimize system performance.
We perform server-side logging of customer interaction with our services, including web server or application access, as well as activity logging through our API. You can contact our customer service to check the latest access time of each application linked to your account.
Kdan collects and stores production server logs to analyze and monitor the security status of our production infrastructure. Logs are stored and indexed in a separate network.
Kdan ensures our user data is protected at all times by encrypting data on all servers at rest or in transit. We use TLS v1.2 with strong ciphers to protect data and use AES-256 to encrypt data in transit. User passwords are hashed and salted with a modern hash function. By utilizing the technologies provided by Amazon Web Services (AWS), we make sure our user data is highly secured in the network.
We constantly backup user data on the AWS network. All data is backed up on a daily basis. Backups are encrypted and distributed to various locations, where they are retained for 30 days. Our data recovery plan runs on a daily basis.
Kdan's system and user data are deployed and secured on the AWS network. Amazon data centers are built upon high standard technologies and follow the best security practices in the industry. The physical security controls are constructed strictly to avoid any system failure and retain the resilience of the computing center.
For more information about the AWS data centers, please refer to the following link: https://aws.amazon.com/compliance/data-center/data-centers/.
The security information was last updated on April 15th, 2022.