Krock.io Logo
Privacy & data governance
Privacy & data governance

Privacy & data governance

Effective Date: 20 August 2025
Privacy & data governance
Privacy & data governance

Maintaining your data secure is our top priority!

Our goal is to ensure a safe environment for our users while providing an impeccable performance of our platform.

Compliance

Krock.io’s infrastructure is based on a hybrid hosting model:

  • Core application servers are hosted on DigitalOcean, a U.S.-based cloud infrastructure provider headquartered in New York City with global data centers.
  • Media storage and processing are handled exclusively on Amazon Web Services (AWS), a leading global cloud services provider headquartered in Seattle, Washington, with data centers worldwide.

Both providers maintain enterprise-grade security, compliance, and privacy frameworks, while our team applies additional organizational and technical measures to guarantee data protection for our customers.

 

DigitalOcean Certifications

DigitalOcean’s infrastructure is certified for:

  • SOC 2 Type II
  • CSA STAR Level 1

AWS Certifications

AWS has achieved numerous third-party certifications and attestations, including but not limited to:

  • SOC 1, SOC 2, SOC 3
  • ISO 27001, ISO 27017, ISO 27018
  • PCI DSS Level 1
  • FedRAMP Moderate & High, FISMA
  • CSA STAR Certification

Independent audit reports (such as SOC reports, ISO certificates, PCI Attestations of Compliance) can be accessed directly via the respective providers’ portals:

  • DigitalOcean: by contacting privacy@digitalocean.com
  • AWS: through the AWS Artifact portal

By building on these secure infrastructures, Krock.io aligns with globally recognized standards for information security and privacy.

Privacy & data governance
Privacy & data governance
Privacy & data governance
Privacy & data governance

Retention Policy

Krock.io collects and retains the Personal Information we receive as described in this Privacy Policy for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected – provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. Please visit our Privacy Policy to know more about:

  • what type of Information Krock.io collects;
  • how Krock.io uses cookies;
  • which Information will be publicly visible on the Service;
  • how Krock.io uses Personal Information to provide You with the Service;
  • how Krock.io uses Personal Information for marketing purposes;
  • how long Krock.io stores Personal Information.

Archiving Policy

Krock.io may process your Personal Information for archiving purposes unless You request not to do so by contacting us through legal@krock.io

 

If you are a European Union resident, under GDPR, Krock.io can process your Personal Information for archiving purposes beyond the stated retention period if doing so is in the public interest or for historical, scientific, or statistical purposes. We ensure that archiving does not contravene the rights and freedoms of data subjects and that appropriate technical and organizational safeguards are in place, such as data minimization, pseudonymization, or encryption.

Destruction Policy

In case you would like Krock.io to delete your Personal Information, and if the erasure of that Personal Information does not interfere with Krock.io providing the Services, you may place such a request through legal@krock.io. We will process such requests in accordance with the applicable laws of your country of residence. To protect your privacy, Krock.io may take steps to verify your identity before fulfilling your request.

Data governance policy

In case you would like to: (i) request confirmation of whether Krock.io is processing your Personal Information; (ii) obtain access to or a copy of your Personal Information; (iii) receive an electronic copy of Personal Information that you have provided to us, or ask us to send that information to another company (the “right of data portability”); (iv) restrict our uses of your Personal Information; (v) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed Personal Information; and if such request does not interfere with Krock.io providing the Service you may place such a request through legal@krock.io. We will process such requests in accordance with the applicable laws of your country of residence. To protect your privacy, Krock.io may take steps to verify your identity before fulfilling your request.

 

If you are a European Union resident, you have the right to: (i) obtain access to or a copy of your Personal Information; (ii) restrict our uses of your Personal Information; (iii) seek correction or amendment of inaccurate, untrue, incomplete, or improperly processed Personal Information held about you by Krock.io, subject to certain exceptions prescribed by law. If you would like to exercise any of these rights, please contact us at legal@krock.io. We will process such requests in accordance with applicable laws. To protect your privacy, Krock.io may take steps to verify your identity before fulfilling your request.

Data storage policy

Personal Information that Krock.io collects about you may be transferred to, stored at, and processed by Krock.io and other third parties outside the country in which you reside, where data protection and privacy regulations may not offer the same level of protection as in other parts of the world. By using Krock.io, you agree to this transfer, storing, or processing. Krock.io will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.

 

Your project, your team’s project, and task data will never be transferred to unauthorized third parties. The only data Krock.io may share with third parties is for analytics, error tracking, and marketing purposes, as outlined in our Privacy Policy.

  • Core application servers (user management, authentication, business logic) are hosted on DigitalOcean IaaS.
  • Media data (files, assets, project uploads) are stored and processed on Amazon Web Services (AWS) infrastructure, benefiting from AWS’s encryption, monitoring, redundancy, and compliance framework.

Additional Security Practices

  • Secure Connections: All connections to Krock.io servers are encrypted using the secure HTTPS (TLS) protocol, ensuring the confidentiality and integrity of data transmissions.
  • Authentication & Tokens: Authorization tokens are stored locally on the user’s device. Users are responsible for safeguarding their authentication tokens, as is standard practice for any online service. For additional protection, Krock.io provides an option for two-factor authentication (2FA) to strengthen account security.
  • Media Data Storage: All media files and project data are stored securely on Amazon Web Services (AWS) infrastructure, leveraging AWS’s security and compliance controls.
  • Shared Links & Media File Access: Shareable links are, by definition, public. However, they are generated using randomized, non-sequential identifiers. Media file names are also randomized.

Additional documentation:

Experience a Faster Review Process with a Free Trial