FAQ Compliance & Security
  • 28 Mar 2024


For detailed information about privacy and security, see our full documentation by following the link below:

What type of data may be collected through KYP.ai Agent?


The KYP.ai client collects data from any application on the end user's machine. By default (Neutral category), only basic data about the running application and no personal data is collected. The KYP.ai application administrator on the client side defines whether data collection should occur at a high level of detail by adding the application overview to Productive or Neutral. Any application or view can also be classified as private. In this case, no data is collected by the KYP.ai client.

Where is the data stored?

The SaaS solution is on servers at locations agreed upon by customers. KYP.ai client processes data immediately after event collection with an average CPU overhead of 2% (standard desktop hardware). If the network connection to the KYP.ai server is unavailable, data is stored locally on the end user's desktop in the internal embedded database; when the network connection is restored, data is sent to the server, and local storage is cleared. This applies to all data collected on the end user machine. The KYP.ai client can enable a data log to review what has been collected. The KYP.ai administrator must enable this option. For the on-premises solution, data is processed at the customer's site.


Can the admin determine which applications are monitored through the KYP.ai Agent?

Yes, this can be entirely determined for each organisation, and it is highly recommended that you discuss this internally with all affected areas of your business. Appropriate classification of monitored applications will eliminate unnecessary risks associated with employee privacy violations and allow you to focus on areas that require monitoring.

How does KYP.ai ensure compliance with EU GDPR?

KYP.ai's EU GDPR compliance at the organisational and product level is continuously reviewed internally to ensure that all new and updated rules of the EU GDPR legislation are applied to new product features and within the KYP.ai organisation. An updated certificate of compliance with EU GDPR legislation is available upon request. The organisation regularly undergoes EU GDPR audits by an external law firm. We have implemented measures to protect your personal data, including using the European Commission's standard contractual clauses for transfers of personal data between our group companies and between us and our third-party providers. These clauses require all recipients to protect any personal information they process that originates from the EEA or the UK in accordance with European data protection laws and regulations. Our standard contractual clauses are available on request. We have implemented similar appropriate safeguards with our third-party service providers and partners, and further details can be provided upon request.

How does KYP.ai address data localization?

Our servers are built in locations agreed with our customers. If you access our services from outside the customer-agreed locations, please be aware that your data may be transferred to, stored and processed by us in our facilities and by those third parties with whom we may share your personal information in and outside the United States. If you are located outside of the European Economic Area (EEA) or the United Kingdom (UK), please consider that your country may not have data protection laws or other similar laws as comprehensive as those in the EU/EEA or UK. However, we will take all necessary steps to protect your personal information in accordance with applicable laws.

How does KYP.ai ensure compliance with industry-recognized frameworks and standards?

All SaaS services use SOC-2, SOC-3, NIST and ISO-certified infrastructure. Infrastructure management endpoints which access Cloud components are equipped with active threat protection mechanisms. With KYP.ai managed cloud infrastructure, customers can audit platform security components (based on SLA contract). On the organisational level, KYP.ai's internal policies and procedures are based on the same standards and frameworks and are subject to ongoing reviews and improvements to reflect changes in these standards and frameworks. KYP.ai is insured for cybersecurity threats. KYP.ai is an AI-based solution. Therefore, we also monitor the development of standardization of AI technology to adapt our product to the most recent changes and best practices.

How does KYP.ai ensure compliance with EU GDPR?

KYP.ai's compliance with EU GDPR at the organizational and product level is reviewed internally on an ongoing basis to make sure all new and updated rules of the EU GDPR legislation are applied to new features of the product and within the KYP.ai organization. A recent certificate of compliance with EU GDPR legislation is available on request.

We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA or UK in accordance with European data protection laws and regulations. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners, and further details can be provided upon request.

How does KYP.ai ensure the security of the product (KYP.ai Agent)?

All SW components are scanned regularly to detect security and functionality bugs and address them as soon as possible by installing necessary security patches, SW/HW up-versioning, etc. Patches are installed following a security advisory and from a trusted repository agreed in advance with the customer. Vulnerability alerts from KYP.ai's sub-processors (AWS, MS Azure, OVHCloud) are reviewed continuously to ensure that any security risks arising from these vulnerabilities are addressed. The KYP.ai security policy also includes proactive detective control of alerts based on recommendations of industry-recognised organisations and resources (OWASP ZAP, NIST) to ensure the security of the KYP.ai customer network and the KYP.ai network. For the on-premises solution, the security of the product is fully aligned with security policies defined by customers.

What encryption standards are used?

Data is encrypted at rest and in transit using strong encryption methods (AWS KMS or AWS CloudHSM AES-256) and also using a combination of encryption methods (both volume and level): Transport Layer Security (TLS/SSL), Internet Protocol Security (IPsec), Advanced Encryption Standard (AES), 3DES or Triple DES, Perfect Forward Secrecy (PFS), Twofish, RSA (Rivest-Shamir-Adleman), PKI (Public Key Infrastructure), and Elliptic Curve Cryptography (ECC). The KYP.ai organisation constantly reviews data transmission and processing security to meet changing legal requirements and standards. Additional customised security controls are implemented to protect the client and the KYP.ai organisation as agreed with the client.

Where can I get information about processors and sub-processors in the process?

Please see the table below for details of major sub-processors. For more details about the type of data processed, please contact our Sales and Customer Success Team.

 

| Sub-processor name | Sub-processor address |
|---|---|
| (AWS) Amazon Web Services | Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. Registered office: L-1855 Luxembourg; registered in the Luxembourg Trade Register under R.C.S. B186284 |
| | Amazon Web Services EMEA SARL, Niederlassung Deutschland, Marcel-Breuer-Str. 12, 80807 München, Deutschland. Branch office seat: München; registered in the commercial register of the Amtsgericht München under HRB 242240, VAT ID: DE317013094 |
| Microsoft | Microsoft Ireland Operations Ltd, One Microsoft Place, South County Business Park Leopardstown Dublin 18, D18 P521 Ireland. VAT ID No. IE8256796U |
| | (for MS Azure services): Microsoft Deutschland GmbH, Walter-Gropius-Strasse 5 80807 München, Germany. VAT Reg. No. DE129415943 |
| OVHCloud | OVH GmbH, Christophstraße 19, 50670 Köln |
| Zoom* | San Jose (HQ), CA, United States, 55 Almaden Blvd |
| Kyp.ai Sp z o.o | ul. Browarowa 21, 43100 Tychy, Poland |
| KYP.AI Corp | 252 West 37th Street, Suite 600E, New York, NY 10018 |

* alternative office application used for video contact with customers


Need to know more?

If you have any further questions, please contact us: info@kyp.ai

