At Kota, we are dedicated to providing world-class data protection standards to ensure your data's safety and compliance with regulatory requirements. Below, you will find detailed information on our security approach. For further inquiries, contact us at [email protected].
You can visit our trust center to request copies of our policies and our ISO audit report, and to view our real-time controls monitoring.
- Hosted in the EU
- ISO27001:2022 compliant
- GDPR compliant
- Multi-layer encryption
- PCI compliant payments
Our infrastructure is hosted on servers within the European Union, enabling us to meet the specific regulatory and compliance needs of European organisations. We utilise Microsoft Azure, which holds multiple certifications, including ISO 27001, SOC 1, SOC 2, SOC 3, HIPAA, GDPR and more. All data is encrypted both in transit and at rest with strong encryption (AES256).
Kota has completed its ISO27001:2022 audit, validating the effectiveness of our security processes and controls. Our approach to product design, architecture, automated monitoring, and formal policies ensures our security posture remains up-to-date.
Kota is committed to complying with the General Data Protection Regulation (GDPR) and assisting our customers in achieving compliance.
Our hosting environment is fully redundant and includes disaster recovery procedures. Our cloud hosting providers, including Google Cloud Platform, maintain several certifications for their data centers, such as ISO 27001, PCI certification, and SOC. More information on their certifications and compliance can be found on the Google Cloud Platform security site.
We perform daily automated backups of our databases to ensure data safety and availability.
We maintain detailed logs to provide a high-resolution trail of actions performed across the platform, aiding in incident investigations if needed.
All user data is securely transported with encryption in transit via SSL, protecting it from unauthorised access, modification, and man-in-the-middle attacks. We employ 256-bit SSL/TLS 1.3 encryption, using both ECDSA and RSA algorithms.
Beyond standard encryption in transit and at rest (AES256), we also utilise at-work encryption in our database. This ensures sensitive data remains encrypted during database operations, protecting it from exposure during maintenance and service activities.
Kota partners with Stripe for payment card processing, ensuring we do not store any credit card information. Stripe meets PCI Service Provider Level 1 standards, the highest certification available in the payments industry, and uses AES256 encryption at rest.
Access to customer data is strictly limited and audited. Only necessary personnel can access the system, and multiple layers of controls are in place. Access sessions require valid consent or justification and are subject to an auditing access path.
In the event of a data breach involving personal data, we will promptly notify the local authority and the affected individuals (data subjects).
Kota complies with all applicable Data Protection Laws when processing Company Personal Data, ensuring data is processed only according to the relevant Company's documented instructions.
Automated systems monitor the versions and vulnerabilities of all code powering Kota. Our infrastructure is continuously updated to the latest, most secure software versions.
Extensive automated tests are run after each code change to verify the correctness of Kota features, including authentication and the permission system.
Our application enforces HTTPS for all requests, securing all traffic in transit and protecting against protocol downgrade attacks.
We use a range of security headers, including X-Frame-Options, X-XSS-Protection, and Content-Security-Policy, to mitigate common security issues.
If you discover a vulnerability in Kota or have a security incident to report, please contact us at [email protected].
By submitting a report, you agree not to disclose your findings or submission contents to third parties without Kota’s prior written approval. Detailed, high-quality reporting, including a working proof of concept, is essential to us.