Security

Server locations:

Keatext servers are hosted in a private cloud environment provided by Amazon Web Services, which complies with several security standards. Our databases are protected by a firewall that prevents access by anyone who’s not a database administrator of Keatext or by any application other than Keatext.

Security certifications:

ISO 27001 (Security Management Standard)
ISO 27017 (Cloud Specific Controls)
ISO 27018 (Personal Data Protection)
OWASP Testing Guide

Data backup:

Keatext uses Amazon RDS automated backups and database snapshots to store a full backup of all data daily. All communications with and between Keatext servers is encrypted using industry-standard TLS/SSL.

Outsourcing of information security:

Keatext relies on industry-leading vendors like Amazon to provide services like application hosting, corporate email security and corporate file security.

Credit card information security:

Your credit card information is passed on to the Stripe servers securely and never goes through the Keatext servers.

Privacy policy:

View it here.

Data storage:

Keatext stores all of your data using Amazon Web Services’s main data center located in Northern Virginia.

Data ownership:

Your data is owned by you, and only you choose with whom to share your information with.

Data access:

Our databases are protected by a firewall that prevents access by anyone who’s not a database administrator of Keatext or by any application other than Keatext. Only Keatext administrators and customer/technical support managers have access to your data. Our staff will not access your information, grant access to third
parties or otherwise share your data publicly. If there is a request for support, then the person assigned to the request may, with your permission, log into your account for the purpose of troubleshooting and correcting the reported issue or performing the requested task.

The policies and practices of Keatext, and Amazon Web Services platforms on which Keatext is hosted, are consistent with the objectives of the Health Insurance Portability and Accountability Act (HIPAA) with regard to data security and data privacy.

We only use information that we collect about or from Keatext users, including any personal information, to:

  • Improve services and/or resolve technical issues.
  • Provide customer support.
  • Fulfill any other purpose for which you provide it.

Data deletion:

Deleting your content may not immediately remove the content you have published from our systems, because of caching, backups, or other references to your account. Keatext guarantees full erasure of deleted data within 30 days of deletion.

Scheduled maintenance and downtime:

We usually notify customers by email or in-app messages at least 24 hours in advance of any scheduled maintenance or downtime.

Infrastructure & applications access:

The HTTPS protocol keeps your data and passwords safe while they are transferred to our servers, and passwords are encrypted using a one-way hash before they are stored once they reach their destination (basically, we don’t know your password). Internal access to Keatext servers is controlled by strict firewall rules. All access to Keatext is governed by access rights, authenticated by username and password. Keatext administrators can provision more granular access privileges for your users, such as read/write access to a Salesforce or Zendesk integration.

For more details about privacy and confidentiality please visit our Keatext Subscription Agreement page.