Security

Your data security is our top priority. Learn how we protect your information.

At KeepTabs, we understand that you're trusting us with your personal goals and progress data. We take this responsibility seriously and have implemented comprehensive security measures to protect your information.

Data Encryption

In Transit

  • TLS 1.3: All data transmission uses the latest Transport Layer Security protocol
  • HTTPS Everywhere: All communications are encrypted between your device and our servers
  • Certificate Pinning: Mobile apps use certificate pinning to prevent man-in-the-middle attacks

At Rest

  • AES-256 Encryption: All stored data is encrypted using industry-standard AES-256
  • Database Encryption: Full database encryption with separate key management
  • Backup Security: All backups are encrypted and stored securely

Infrastructure Security

Cloud Security

  • Tier 1 Providers: Hosted on SOC 2 Type II certified cloud platforms
  • Geographic Distribution: Data centers in multiple regions for redundancy
  • Network Isolation: Virtual private clouds with strict network segmentation
  • DDoS Protection: Advanced protection against distributed denial-of-service attacks

Server Security

  • Regular Updates: Automated security patches and system updates
  • Intrusion Detection: 24/7 monitoring for suspicious activities
  • Access Logging: Complete audit trails of all system access
  • Firewall Protection: Multi-layer firewall protection

Application Security

Secure Development

  • Security by Design: Security considerations integrated into development process
  • Code Reviews: All code changes undergo security-focused peer review
  • Static Analysis: Automated scanning for security vulnerabilities
  • Dependency Scanning: Regular checks for vulnerabilities in third-party libraries

Authentication & Authorization

  • Multi-Factor Authentication: Optional 2FA for enhanced account security
  • Strong Password Policy: Enforced password complexity requirements
  • Session Management: Secure session handling with automatic timeouts
  • OAuth Integration: Secure sign-in with Google, Apple, and other providers

Data Protection

Access Controls

  • Principle of Least Privilege: Employees have minimal necessary access
  • Role-Based Permissions: Granular access controls based on job functions
  • Access Reviews: Regular audits of employee access permissions
  • Privileged Access Management: Special controls for administrative access

Data Handling

  • Data Minimization: We collect only necessary data for service functionality
  • Anonymization: Analytics data is anonymized and aggregated
  • Secure Deletion: Proper data destruction when accounts are deleted
  • Data Portability: You can export your data in standard formats

Monitoring & Incident Response

24/7 Monitoring

  • Security Operations Center: Round-the-clock security monitoring
  • Anomaly Detection: AI-powered detection of unusual activities
  • Real-time Alerts: Immediate notification of potential security events
  • Threat Intelligence: Integration with global threat intelligence feeds

Incident Response

  • Response Team: Dedicated security incident response team
  • Response Plan: Documented procedures for security incident handling
  • Communication Protocol: Clear process for notifying affected users
  • Recovery Procedures: Tested business continuity and disaster recovery plans

Compliance & Certifications

Standards Compliance

  • SOC 2 Type II: Annual third-party security audits
  • GDPR Compliance: Full compliance with European data protection regulations
  • CCPA Compliance: California Consumer Privacy Act compliance
  • ISO 27001 Framework: Information security management best practices

Regular Audits

  • External Security Audits: Annual penetration testing by third-party experts
  • Vulnerability Assessments: Regular internal security assessments
  • Code Security Reviews: Ongoing security analysis of application code
  • Compliance Audits: Regular reviews for regulatory compliance

Employee Security

Security Training

  • Security Awareness: Regular security training for all employees
  • Phishing Simulation: Regular phishing awareness testing
  • Incident Response Training: Specialized training for security team
  • Secure Development Training: Security best practices for developers

Access Management

  • Background Checks: Security screening for all employees
  • Multi-Factor Authentication: Required for all employee accounts
  • Device Management: Secure configuration of employee devices
  • Remote Work Security: VPN and security requirements for remote workers

Your Security

Best Practices for Users

  • Strong Passwords: Use unique, complex passwords for your account
  • Enable 2FA: Turn on two-factor authentication for extra security
  • Keep Apps Updated: Install app updates promptly for security fixes
  • Secure Devices: Use device locks and keep your devices secure
  • Review Permissions: Regularly review your accountability circle memberships

Reporting Security Issues

We welcome reports of security vulnerabilities. If you discover a security issue:

  • Security Email: support@usekeeptabs.com
  • Responsible Disclosure: We follow responsible disclosure practices
  • Bug Bounty: We offer rewards for valid security vulnerability reports
  • Response Time: We aim to respond to security reports within 24 hours

Transparency

We believe in transparency about our security practices:

  • Security Updates: Regular updates on our security blog
  • Incident Disclosure: Prompt notification of any security incidents
  • Audit Reports: Summary reports of our security audits (when permissible)
  • Open Communication: We're available to discuss security concerns

Security is an ongoing process, and we continuously work to improve our security posture. If you have questions about our security practices, please contact us at support@usekeeptabs.com.