Built on security and transparency

Last updated: December 31, 2025

Security Practices

Our multi-layered security approach ensures comprehensive protection for your data and systems.

Security Policies & Practices

  • Comprehensive information security policies
  • Regular security assessments and penetration testing
  • Incident response and disaster recovery procedures
  • Secure software development lifecycle (SSDLC)
  • Vendor and third-party security assessments

Data Protection

  • End-to-end encryption for data in transit (TLS 1.3)
  • AES-256 encryption for data at rest
  • Secure key management practices
  • Regular data backup and recovery testing
  • Data classification and handling procedures

End-to-End Encryption

IoTKinect supports end-to-end encryption between end devices and end applications. IoTKinect handles the MAC layer and has access to network-session keys, but it never has access to root keys or application-session keys, ensuring complete data privacy throughout the transmission chain.

TLS/SSL Certificate Management

  • Support for both self-signed and CA-signed certificates
  • Automated certificate generation and renewal
  • Client certificate validation for API endpoints
  • Mutual TLS (mTLS) authentication for device connections
  • Secure certificate storage and key management

MQTT Security

  • TLS-encrypted MQTT connections (MQTTS)
  • Client certificate-based authentication
  • Per-gateway and per-application certificate generation
  • Support for multiple authentication methods
  • Encrypted message payloads

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) enforcement
  • Privileged access management
  • Regular access reviews and audits
  • Zero-trust security model implementation
  • Client certificate validation for API access
  • Token-based authentication with configurable expiry

Network Security

  • Secure API endpoints with TLS encryption
  • Protection against unauthorized access through certificate validation
  • Encrypted communication between all system components
  • Support for VPC and private network deployments
  • Network segmentation and isolation

Key Encryption Keys (KEK)

  • KEK mechanism for encrypting session keys
  • Secure key exchange between network components
  • Support for multiple KEK labels
  • Encrypted key transmission for roaming scenarios

Session Management

  • Secure device session handling
  • Encrypted application session keys
  • Frame counter validation to prevent replay attacks
  • Session lifetime management
  • Stateful and stateless session options

Privacy Principles

Your privacy is fundamental to how we design, build, and operate our products and services.

Data Minimization

We collect only the data necessary for providing our services, ensuring minimal footprint and maximum privacy.

Transparency

Clear communication about what data we collect, how it's used, and with whom it may be shared.

User Control

Empowering users with controls over their data, including access, correction, and deletion rights.

Privacy by Design

Privacy considerations are embedded into our product development process from the very beginning.

Secure Processing

All personal data is processed using industry-leading security measures and encryption standards.

Accountability

We maintain comprehensive records and conduct regular audits to demonstrate our compliance.

Security Vulnerability Management

We have implemented structured vulnerability response processes to systematically identify, assess, and mitigate potential risks. To help us maintain robust protections, we welcome responsible vulnerability disclosures.
