Security Summary

The following summary is provided in the context of the cellLoop application provided by Kyndling Limited.

Glossary

●  Security Summary: Below

●  Subprocessors: Below

●  Privacy Policy: Here

●  Cookie Policy: Here

●  Website Terms & Condition: Here

●  Product Terms & Conditions: Here

Infrastructure

System architecture

Kyndling operates a cloud-based network within Amazon Web Services (AWS), which provides secure hosting of network and production systems.

Data centers

Our platform is hosted and managed with Amazon Web Services (AWS) secure data centers. These data centers have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 - Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

We make significant use of the services provided by AWS to increase privacy and network access throughout our system. More information on AWS security is available at AWS Services in Scope.

Firewall

Our services are protected by firewalls provided by AWS and not directly exposed to the Internet.

Subprocessors and key vendors

We audit our subprocessors and key vendors to ensure they maintain suitable security. Many of our vendors have SOC2 or similar. More on our subprocessors below.

PCI compliance

All credit card payments made to Kyndling are processed by our partner, Stripe. More information about Stripes security posture and PCI compliance can be found at at their Security page

Data

Data storage

Kyndling data stores are accessible only by servers that require access.

Backups

We maintain secure encrypted backups of important data for up to 90 days. We do not retroactively remove deleted data from backups as we may need to restore it, if removed accidentally.

Authentication

Passwords

We utilise security experts, Auth0, to maintain access to the platform and store passwords. We do not store your account passwords in Kyndling databases.

User roles

We provide user roles with different permissions levels within the product: Owner, Editor, Sharing and Viewer.

Encryption

HTTPS

All Kyndling web traffic is served over HTTPS.

Encryption

Our primary databases, including backups are fully encrypted at rest. In addition, data is encrypted in transit. We use industry standard encryption algorithms.

Service Data

The cellLoop platform collects the following service data to ensure operation of the platform. We only collect this information whilst you are recording within the cellLoop tool. No Service Data is collected when you are not recording a loop.

●  Media: we record video and sound from your webcam and/or microphone. We also store any media you have uploaded;

●  Clicks: we log your clicks around the spreadsheet whilst you are recording, only;

●  Input: we log your input into the spreadsheet whilst you are recording, only.

This Service data is encrypted at rest and in-transit via the aforementioned methods above.

Personal Data

Personal Data may include, but is not limited to:

●  First and last name

●  Contact information (e.g. email, billing address, shipping address, ‘phone number(s))

●  Suffix

●  Timezone (e.g. user preference or derived from contact information)

Disclosure

If you have any concerns or discover a security or privacy issue, please email us at privacy@kyndling.com and we will quickly investigate.

Subprocessors

●  Amazon Web Services, Inc, United States (“AWS”) is a cloud service provider used within LoyaltyLion as primary infrastructure provider for the LoyaltyLion service.

●  Auth0, Inc, United States (”Auth0”) is an identity management platform for application builders and developers. It provides Auth0, a web-scale cloud solution that includes APIs and tools that enable developers to eliminate the friction of authentication and authorization of their applications and APIs.

●  Mailgun Technologies Inc, United States (”Mailgun”) Mailgun enables developers to tightly integrate email into their apps, i.e. give real email mailboxes to their users, their web pages or any objects in their apps.

●  Stripe, Inc, United States (”Stripe”) is an Irish-American financial services and software as a service company dual-headquartered in San Francisco, United States and Dublin, Ireland. The company primarily offers payment processing software and application programming interfaces for e-commerce websites and mobile applications.