At Krock.io, protecting your data and ensuring secure collaboration is our top priority. Below you’ll find an overview of how we safeguard accounts, media files, and platform infrastructure.
Encryption & Access Control
- End-to-end 256-bit HTTPS/SSL encryption for all data in transit
- All non-essential ports and external network interfaces are disabled by default
- Krock.io does not store financial or credit card data in our systems
- Account passwords are stored using secure one-way hashing methods
- All client-side communication, sessions, and input are validated server-side
- All media files are stored on Amazon S3
- Account and project data are encrypted and securely stored in our databases
- Critical systems have redundant failovers in place to prevent service disruptions
Source Code Security
- All production code undergoes static code analysis
- Independent third-party security assessments are conducted regularly
- Integration and unit tests cover all critical system components
- All dependencies are reviewed for security and performance issues
- Dependencies are directly bundled into the Krock.io application to prevent supply-chain risks
Key Management
- Strict internal policies govern the assignment and use of access keys
- Master access keys are never distributed to employees
- Keys are never stored in version control systems or as plaintext
- Individual access keys are generated per employee and restricted to developer-only access
Secure Workstations
- All company workstations and laptops use full-disk encryption for sensitive data
- Devices are equipped with anti-malware and antivirus protection
- All client data is anonymized when used in development or testing environments
Employee Security & Awareness
- All Krock.io employees are trained on industry-standard security practices
- Access to resources is granted based on granular role-based permissions
- Any employee access to sensitive data is logged, tracked, and monitored
- Developers work exclusively with anonymized customer data
