Konfirmity Pte Ltd

At Konfirmity, we prioritize the security and privacy of our customers. We have a dedicated cybersecurity team that ensures the highest level of security across all aspects of our business.

Product Security

Audit Logging

All user activities within our product are logged for auditing purposes.

Integrations

We carefully review all integrations to ensure they meet our high standards for security and privacy.

Security Contact

For any security-related concerns, customers can directly get in touch with our security team.

Multi Factor Authentication

Our product offers multi-factor authentication to enhance account security.

Role Based Access Control

Access to sensitive data and systems is controlled based on user roles within the organization.

SSO support

We provide SSO support for a seamless and secure user experience.

Reports

Pen Test Report

Periodic penetration testing reports are generated which demonstrate our ongoing commitment to security.

Architecture Diagram

Our security architecture diagram is part of our comprehensive security documentation.

Certifications

We comply with various industry security standards and are in the process of obtaining several security certifications.

Data Security

Access Monitoring

We diligently monitor data access and every access is logged and audited for anomalous activities.

Backups

Data backups are performed regularly to ensure business continuity and to protect against data loss.

Encryption

All data, both at rest and in transit, is encrypted using industry-standard encryption algorithms.

Physical Security

Our datacenters are secured with physical access control and surveillance.

App Security

Code Analysis

Our development team periodically performs code analysis for any vulnerabilities and we use static analysis tools to detect any potential security vulnerabilities in the source code.

Secure Development Practices

We follow secure coding standards, such as OWASP, and perform regular code reviews to minimize security risks.

Web Application Firewall

We employ a Web Application Firewall that guarantees a strong line of defense against malicious attacks like SQL Injection and cross-site scripting.

Privacy Policy

Our privacy policy can be found at https://app.konfirmity.com/privacy-policy. It emphasises the protection of customer data and their privacy rights.

Terms of Service

The terms of service for Konfirmity are available at https://app.konfirmity.com/terms. They define the rules and guidelines for using our applications and services.

Subprocessors

We strictly monitor and control the subprocessors to ensure data security and privacy.

Data Processing Agreement

We have a robust data processing agreement in place that complies with data protection laws and regulations.

Access Control

Data Access

We ensure that data access is granted only to authorized personnel and it is based on the principle of least privilege.

Logging

All activities are logged for audit and review purposes.

Password Security

We enforce strong password policies, including complex password requirements and mandatory change of passwords at regular intervals.

Infrastructure

Anti DDoS

We have anti-DDoS measures in place to mitigate any potential DDoS attacks.

Business Continuity and Disaster Recovery

We have a robust business continuity and disaster recovery plan to ensure service availability.

Infrastructure Security

Our infrastructure is designed with multiple layers of protection to protect our systems and data.

Cloud Infrastructure Provider

Our secure, scalable cloud infrastructure is hosted by an industry-leading provider.

Separation between Production and non-production

We have strict policies that separate our production and non-production environments.

Endpoint Security

Disk Encryption

All our devices have full disk encryption enabled.

MDM

We use Mobile Device Management (MDM) solutions to manage and secure company-owned devices.

Threat Detection

We have advanced threat detection solutions in place capable of detecting suspicious activities.

Network Security

Real time security and events management

We use a SIEM system for real-time analysis of security alerts.

Zero Trust

We employ a Zero Trust Model across our company that makes sure every access request is authenticated.

Corporate Security

Email protection

We have email protection measures in place such as anti-phishing and anti-malware.

Employee Training

All our employees undergo regular cybersecurity training to ensure they are aware of the latest threats and best practices.

Incident Response

We have an incident response process in place that provides guidance on handling any potential security incidents.

Internal Assessments

We conduct regular internal security and compliance audits.

User Account Protection

We have implemented measures like two-factor authentication to protect user accounts.

Penetration Testing

Regular penetration testing is performed by external cybersecurity vendors.

Security Grades

CryptCheck

https://cryptcheck.fr/https/konfirmity.com

HSTS Preload List

https://hstspreload.org/?domain=konfirmity.com

Qualys SSL Labs

https://www.ssllabs.com/ssltest/analyze.html?d=konfirmity.com

Security Headers

https://securityheaders.com/?q=konfirmity.com&followRedirects=on