Data Encryption In Transit and At Rest

Keia supports the latest recommended secure cipher suites and protocols to encrypt data in transit. Customer data is not yet encrypted at rest, but we are implementing plans to have this resolved.

We work hard to maintain best practices for encryption and disable support for older encryption standards that are no longer considered strong. This is one reason that we drop support for older browsers aggressively. Read more about our browser support policy.

Data centre security

Keia and your data are hosted on DigitalOcean, a global leader in Infrastructure as a Service (IaaS). DigitalOcean takes physical and network security seriously. Their data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means.

DigitalOcean is currently working towards achieving ISO/IEC 27001:2013 certification. You can read more about the specifics of their approach at https://www.digitalocean.com/security/.

Access control

You choose who to add to your Keia professional account and the permissions they have. Our team do not have access to login to your account without your permission.

On rare occasions, it may be that we can better assist in investigating a problem you are having with Keia if we can access your account. We would always ask your permission before taking this action.

Internal controls

Keeping systems safe is part of our daily life here at Keia. We have strict internal policies and processes to keep our team and their kit safe, to protect our assets, and to limit access to sensitive systems and infrastructure to key staff on a needs-only basis.

Backup and availability

Our systems automatically replicate your data across multiple servers in real-time to maximize availability. Data is also backed up on a nightly basis to ensure we can restore access to your data and the service in the unlikely event that the data replicas on all servers fail at once. Our monitoring alerts us to any trouble and we have staff on standby at all times to quickly resolve unexpected incidents.

Updates and external review

We update Keia on a regular basis, and because you access Keia via your browser you’re always on the latest version. We monitor security advisories and other security community output closely. We also undertake a system vulnerability scan on all of our servers on a regular basis, and work promptly to upgrade the service to respond to potential new threats and vulnerabilities as they are discovered.

Payment card data

We maintain PCI-DSS certification for payment collection. We do not process or store credit card details on our systems.

Concerns or want to contact us?

For any concerns or queries, please email us at [email protected] so that they can be handled promptly by our security team.