Security and Compliance

Secure at every step of the process

A certain amount of confidence is needed when relying on third-party vendors to manage and handle your online data securely. Cloud security is important because it is essential for protecting hosted information - we understand that even small gaps in security coverage can put everything at risk including your data, customer information, uptime, and potentially a company’s reputation. Thus, we prioritize security above everything else.

GDPR

CloudKarafka complies with the European General Data Protection Regulation (GDPR). For more information see CloudKarafka and GDPR

Annual Security Awareness Training

Effective security requires threat identification through proactive risk assessment. All employees undergo pre-employment background checks and participate in annual security awareness training.

Patch management

Security updates based on advisory for our servers and associated devices are automatically handled by us.

End-to-end data encryption

We enforce TLS to secure data in transit. TLS has to be enabled to and from the application to ensure secure transit between CloudKarafka and their application.

GCP and AWS VPC isolation

Clients have the option to define a private network in the cloud (VPC) for instances created in AWS or GCP. A VPC provides a deny-all-by-default security to the instance.

Security policy

For more information, please read our security policy which demonstrates our commitment to information security.

ISO27001

CloudKarafka is not yet certified compliant with ISO27001. We are always aiming to meet requirements listed in ISO27001 and will try to get the certificate in place in a near future.

HIPAA

CloudKarafka is not yet compliant with HIPAA. We are always aiming to meet requirements listed by HHS and will try to reach compliance in a near future.

Privacy Shield

84codes is a Swedish company and doesn’t need to be Privacy Shield certified as we comply with the GDPR. The Privacy Shield Framework is purely a means for US companies to opt into a higher standard of data protection than the basic US laws require, as they are not seen as adequate for GDPR on their own. Many of the US-based data centers you can choose to use for your CloudKarafka hosting are certified under the Privacy Shield.

SOC2

CloudKarafka is not yet certified compliant with SOC2. We are working on a report, that we will try to have in place before the end of this year.