Security and Compliance

Secure at every step of the process

Cloud security is important for the protection of hosted information. Even small gaps in security coverage can put everything at risk, including data, customer information, uptime, and potentially a company’s reputation. A certain amount of confidence is needed when relying on third-party vendors to manage and handle your data. This is exactly why we prioritize security above everything else.

GDPR

We comply with the European General Data Protection Regulation (GDPR). Read more about CloudKarafka and GDPR

SOC 2 Type 2

We are proud to be compliant with SOC 2 by AICPA. We have been audited against the Security (common criteria) and Availability Trust Services Criteria.

Our SOC 2 Type 2 report can be obtained under an NDA per request. Please send an email to compliance@cloudkarafka.com

SOC 3

SOC 3 is a public summary of our "SOC 2 type 2" report that outlines the work done by our independent service auditor.

Read: SOC 3 Security and Availability Report

Information Security Program

Our Information Security Program includes all security policies and defines our organization-wide approach to system and data protection. Among other things, the program includes how the service is designed and developed, how the system is operated, how the internal systems and networks are managed, and how employees are hired and trained.

Patch Management

We automatically handle security updates based on advisory for our servers and associated devices.

End-to-End Data Encryption

To secure data in transit, we enforce TLS. Clients have the option to enable TLS to and from the application to ensure secure transit between CloudKarafka and their application.

Instance Isolation

Instances are isolated from each other on a network level. Policies enforce deny-all-by-default security to instances.

People Operations

Customer data access is limited to specific employees at CloudKarafka. All employees undergo pre-employment background checks and participate in annual Security Awareness training, as well as Compliance & Policy training.

Security Policy

For more information, please read our security policy which demonstrates our commitment to information security.