Technology
Authentication
Authentication and session management are provided by ASP.NET Core authentication, with enforced HTTPS and prevention of cross-site scripting. Passwords are hashed using PBKDF2 with HMAC-SHA256, a 128-bit salt, a 256-bit subkey and 10000 iterations, as per the default hashing within the technology.
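The hashing parameters stated above can be checked against stored hashes. The following is an added example, not Know You More's code: it assumes the hashes use the ASP.NET Core Identity version 3 layout (which the page does not confirm), and all function names are illustrative.

```python
import base64, hashlib, hmac, os, struct

# Assumed layout (ASP.NET Core Identity V3): 0x01 | prf | iterations | salt length
# (three big-endian uint32) | salt | subkey, all Base64-encoded.
HEADER = ">BIII"
HEADER_LEN = struct.calcsize(HEADER)          # 13 bytes
PRFS = {0: "sha1", 1: "sha256", 2: "sha512"}  # KeyDerivationPrf enum values
# Parameters stated on the page.
EXPECTED = {"prf": "sha256", "iterations": 10_000, "salt_bits": 128, "subkey_bits": 256}

def hash_password(password, prf=1, iterations=10_000, salt=None):
    """Produce a hash in the assumed V3 layout (defaults match the page)."""
    salt = salt if salt is not None else os.urandom(16)
    subkey = hashlib.pbkdf2_hmac(PRFS[prf], password.encode("utf-8"), salt, iterations, 32)
    header = struct.pack(HEADER, 0x01, prf, iterations, len(salt))
    return base64.b64encode(header + salt + subkey).decode("ascii")

def parse_hash(encoded):
    """Decode a stored hash into its parameters; raise ValueError if malformed."""
    raw = base64.b64decode(encoded, validate=True)
    if len(raw) < HEADER_LEN or raw[0] != 0x01:
        raise ValueError("not a version 3 hash")
    _, prf, iterations, salt_len = struct.unpack(HEADER, raw[:HEADER_LEN])
    salt, subkey = raw[HEADER_LEN:HEADER_LEN + salt_len], raw[HEADER_LEN + salt_len:]
    if prf not in PRFS or iterations < 1 or len(salt) != salt_len or not subkey:
        raise ValueError("malformed hash header")
    return {"prf": PRFS[prf], "iterations": iterations, "salt": salt, "subkey": subkey}

def verify_password(password, encoded):
    """Recompute the subkey with the stored parameters and compare in constant time."""
    try:
        h = parse_hash(encoded)
    except ValueError:  # also covers invalid Base64 (binascii.Error)
        return False
    candidate = hashlib.pbkdf2_hmac(h["prf"], password.encode("utf-8"), h["salt"],
                                    h["iterations"], len(h["subkey"]))
    return hmac.compare_digest(candidate, h["subkey"])

def audit(encoded):
    """List the parameters of a stored hash that differ from the documented ones."""
    h = parse_hash(encoded)
    actual = {"prf": h["prf"], "iterations": h["iterations"],
              "salt_bits": len(h["salt"]) * 8, "subkey_bits": len(h["subkey"]) * 8}
    return [f"{k}: expected {v}, found {actual[k]}" for k, v in EXPECTED.items() if actual[k] != v]

if __name__ == "__main__":
    sample = hash_password("constructed-sample-password")  # constructed input
    print(verify_password("constructed-sample-password", sample), audit(sample))
```

An empty list from `audit` means the stored hash matches the documented parameters; any entry identifies a hash created with different settings that should be rehashed at the user's next successful login.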
Databases
The database used is SQL Server 2017, hosted on the Azure cloud. The database has IP restrictions and is behind the Azure firewall. All data is encrypted using TLS and protected with Azure threat detection. Full information can be found here:
Web application
The web application is hosted on the Azure cloud in the UK South datacenter. We utilise Azure’s Secrets vault and network isolation of the virtual machine as part of their security services. This is in addition to their DDoS protection and firewall. Full information can be found here:
An industry-level SSL certificate is installed on both the production and the staging site.
Logging and monitoring
Logging is implemented using SEQ, with alerts raised on any malicious attempts or data breaches. Data older than 200 days is automatically archived.
Backups and failover
A second deployment slot is available in case of failover and nightly database backups are taken in case of data corruption.
OWASP Top 10
We aim to test against and protect against the OWASP Top 10 web application security threats.
Personal Data stored
- First Name
- Middle Name
- Surname
- Phone
- City of residence
- Country of residence
- Time zone
Personal Data shared
Explicit permission is requested from users when they sign up to the platform to share their contact details and biography with their matched coach. This is so that the coach and coachee can contact each other to arrange their coaching sessions.
As part of the client on-boarding, it is decided whether evaluation data should be anonymous or identifiable. Based on this, explicit permission will also be requested if any identifiable evaluation data is to be shared back to the client.
Information is never shared with any other third party.
Request for information
Within the portal, under the settings tab, all information held by Know You More can be downloaded in JSON format.
Deletion of data
Data will be deleted automatically 6 months after the completion of the coaching programme of the coachee.
Documentation
The full Data Retention and Data Protection policy is available on request. Please contact the Data Protection Officer, Chirag Mehta, on chirag@knowyoumore.com.
Our core service is in person, human coaching conversations. These are held via clients' preferred video conferencing software and can be delivered via telephone if software or bandwidth does not allow. The platform is the engine that drives that service at scale. Whilst the platform has been designed to meet accessibility requirements and tested against the relevant tools, we do not have proof for ADA and/or Section 508 compliance at this stage.
Yes. The application has been developed using mobile responsive web technologies.
No functionality will be lost. There will be a requirement to ensure people have proxy access to portal.knowyoumore.com.
Our servers are hosted on the Azure cloud in the UK South datacentre which is in London.
Yes. A REST API is available should there be a requirement to interface with other systems.