We take the security of your data very seriously at Konstructly. As transparency is one of the principles on which our company is built, we aim to be as clear and open as we can about the way that we handle security. If you have additional questions regarding security, we’d be happy to answer them. Please write to [email protected] and we will respond as quickly as we can.
Architecture and data segregation
The Konstructly services are operated on a multi-tenant architecture, at both the platform and infrastructure layers, that is designed to segregate and restrict access to the data that you and your users make available via the Konstructly services, as more specifically defined in your agreement with Konstructly (or its corporate affiliate(s)) covering the use of the Konstructly services (‘Customer Data’), based on business needs. The architecture provides logical data separation for each customer via a unique ID.
Public cloud infrastructure
The Konstructly services are hosted over the Internet on a ‘Public Cloud’, meaning computing services offered by third-party providers to anyone who wants to use or purchase them. Like all cloud services, a public cloud service runs on remote servers that a provider manages.
Security controls
Konstructly will implement and maintain appropriate technical and organisational measures to protect your Customer Data against accidental or unlawful destruction, loss, alteration and unauthorised disclosure of or access to the Customer’s personal data that is processed or transmitted through the Konstructly services. The Konstructly services have a number of security controls, including but not limited to:
- Access logging. Detailed access logs are available both to users and administrators of paid teams.
- Access management. Administrators can remotely terminate all connections and sign out all devices authenticated to the Konstructly services at any time, on demand.
- Product security practices. New features, significant functionality and design changes go through a review process facilitated by the engineering team. In addition, our code is tested and manually peer reviewed prior to being deployed to production.
Incident management
Konstructly maintains security incident management policies and procedures. Konstructly notifies impacted customers without undue delay of any unauthorised disclosure of their respective Customer Data by Konstructly or its agents of which Konstructly becomes aware to the extent permitted by law. Konstructly typically notifies customers of significant system incidents via email, and for incidents lasting for more than one hour, may invite affected customers to join a conference call about the incident and Konstructly’s response.
Data encryption
The Konstructly services use industry-accepted encryption products to protect Customer Data (1) during transmissions between a customer's network and the Konstructly services; and (2) when at rest.
Reliability, backup and business continuity
We understand that you rely on the Konstructly services to work. We’re committed to making the Konstructly services a highly available service that you can rely on. Our infrastructure runs on systems that are tolerant of failures of individual servers or even entire data centres. Our engineering team tests disaster-recovery measures regularly and has a 24-hour on-call team to quickly resolve unexpected incidents. Industry-standard best practices for reliability and backup helped to shape the design of the Konstructly services. Konstructly performs regular backups, facilitates rollbacks of software and system changes when necessary, and replicates data as needed. Where possible, Konstructly will assist the Customer with data recovery for Major Catastrophic Events, as limited by data residency requirements of the locality and capabilities within the region. ‘Major Catastrophic Event’ means three broad types of occurrences: (1) natural events such as floods, hurricanes, tornadoes, earthquakes and epidemics; (2) technological events such as failures of systems and structures such as pipeline explosions, transportation accidents, utility disruptions, dam failures and accidental hazardous material releases; and (3) human-caused events such as active assailant attacks, chemical or biological attacks, cyberattacks against data or infrastructure, and sabotage. Major Catastrophic Events do not include bugs, operational issues or other common software-related errors.
Customer Data is stored redundantly on multiple machines in our hosting provider’s data centres to ensure availability. We automatically back up all stored data, and backups are stored in another location.
Deletion of Customer Data
The Konstructly services provide the option for workspace primary owners to delete Customer Data at any time during a subscription term. Within 24 hours of deletion initiated by a workspace primary owner, Konstructly hard deletes information from currently running production systems (excluding data of users who wish to retain their Konstructly account). Konstructly services backups are destroyed within 180 days (except that during an ongoing investigation of an incident, this period may be temporarily extended).
The Konstructly services handle payment data (generated by work submissions by Authorised Users and their subsequent approvals by other Authorised Users within the Workspace), which constitute payables to the former Authorised Users mentioned. As such, Konstructly is unable to allow users to delete their account, which includes necessary payment details, from within the app, as this may jeopardise future/pending payments. Therefore, if you are an Authorised User and you wish to delete your account, please write to us at [email protected] to do so.
Confidentiality
We place strict controls over our employees’ access to Customer Data. The operation of the Konstructly services requires that some employees have access to the systems which store and process Customer Data. For example, in order to diagnose a problem that you are having with the Konstructly services, we may need to access your Customer Data. These employees are prohibited from using these permissions to view Customer Data unless it is necessary to do so.
All our employees and contract personnel are bound to our policies regarding Customer Data, and we treat these issues as matters of the highest importance within our company.
Infrastructure
Konstructly uses infrastructure provided by Scaleway S.A.S. to host or process Customer Data submitted to the Konstructly services. Information about security and privacy-related audits and certifications provided by Scaleway is available from the Scaleway website.