Data Center
Kanban Zone production services are hosted on Amazon Web Services (AWS), with MongoDB as the database. The solution is deployed in one AWS region across multiple availability zones to increase resiliency. The physical servers are located in AWS's secure data centers. Detailed AWS Cloud Security and ISO 27001 compliance information can be reviewed directly from Amazon.
Hosted Data & Member Content
All member content is stored within the AWS us-east-1 region. Member content, including backups, is stored within AWS EC2 and S3.
The email address provided at account creation must be verified before a new Kanban Zone member signup can be completed.
It is the member's responsibility to decide which content, including any textual entries and attachments, to store in Kanban Zone. Kanban Zone will support any type of content. The member's content is neither verified nor monitored. Views, thoughts, and opinions presented in the content belong solely to the members and do not necessarily reflect the Kanban Zone team's point of view.
Kanban Zone takes reasonable measures to secure all content stored, but members are encouraged to use their judgment when posting content into Kanban Zone.
Production Environment
All Kanban Zone production environments are hosted on the Amazon Elastic Container Service (ECS) using a cluster of Amazon Elastic Compute Cloud (EC2) instances within AWS. Kanban Zone maintains separate and distinct production, pre-production, test, and development environments.
Security
Please find below the security information.
Network
Kanban Zone uses Amazon Elastic Load Balancers to distribute traffic to a fleet of EC2 instances.
Kanban Zone utilizes AWS Security Groups as virtual firewalls for EC2 instances, enabling control over inbound and outbound traffic. Additionally, Kanban Zone employs Amazon API Gateway to expose some of its APIs.
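The practical check behind the Security Group statement above is that an EC2 instance group should accept application traffic only from the load balancer's own security group, never from 0.0.0.0/0. The following is an added example (not Kanban Zone's code) that audits ingress rules in the shape returned by `aws ec2 describe-security-groups`; the two rule sets and all group IDs are constructed for the example and are hypothetical.

```python
"""Audit EC2 security-group ingress rules for world-open sources.

Added example, not Kanban Zone's own tooling. The dicts mirror the
IpPermissions structure of `aws ec2 describe-security-groups`; the
group IDs are hypothetical.
"""

ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"

# Hypothetical ID of the load balancer's security group.
ELB_SG = "sg-0a1b2c3d4e5f60001"

# Weak: the instance group accepts 443 and 22 from the whole internet.
WEAK_INSTANCE_SG = {
    "GroupId": "sg-0a1b2c3d4e5f60002",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": ANY_V4}],
         "Ipv6Ranges": [{"CidrIpv6": ANY_V6}],
         "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANY_V4}],
         "Ipv6Ranges": [],
         "UserIdGroupPairs": []},
    ],
}

# Hardened: the instance group only accepts app traffic sourced from the
# load balancer's security group (assumed app port 8080).
HARDENED_INSTANCE_SG = {
    "GroupId": "sg-0a1b2c3d4e5f60003",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [],
         "Ipv6Ranges": [],
         "UserIdGroupPairs": [{"GroupId": ELB_SG}]},
    ],
}


def _port_range(perm):
    """Human-readable port range; protocol -1 means all ports."""
    if perm.get("IpProtocol") == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f"{lo}" if lo == hi else f"{lo}-{hi}"


def world_open_ingress(group):
    """Return (protocol, ports, cidrs) for every rule reachable from any address."""
    findings = []
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        open_cidrs = [c for c in cidrs if c in (ANY_V4, ANY_V6)]
        if open_cidrs:
            findings.append((perm.get("IpProtocol"), _port_range(perm), open_cidrs))
    return findings


def only_from_groups(group, allowed_groups):
    """True if every ingress rule is sourced from allowed_groups and no CIDR source exists."""
    for perm in group.get("IpPermissions", []):
        if perm.get("IpRanges") or perm.get("Ipv6Ranges"):
            return False
        pairs = perm.get("UserIdGroupPairs", [])
        if not pairs or any(p.get("GroupId") not in allowed_groups for p in pairs):
            return False
    return True


if __name__ == "__main__":
    for sg in (WEAK_INSTANCE_SG, HARDENED_INSTANCE_SG):
        print(sg["GroupId"], "world-open:", world_open_ingress(sg),
              "elb-only:", only_from_groups(sg, {ELB_SG}))
```

Run against live data by feeding each element of the `SecurityGroups` list from the describe call into the two functions; SSH (22) open to the world is the finding most often missed because it is added for troubleshooting and never removed.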
Login
Kanban Zone allows application access via email (username) and password.
All passwords are stored in hashed form and are never sent via email; a password can only be changed through a reset link sent to the email address associated with the member account.
Kanban Zone minimum password requirements consist of the following:
- 1 lowercase character
- 1 special character
- 1 uppercase character
- 1 numeric character
- minimum length of 8 characters
After 5 consecutive failed login attempts, the account is locked for 1 hour; the member can either wait out the lock or perform a password reset. The member is notified via email when the account is locked.
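The login rules described in this section (the minimum password requirements, hashed storage, and the 5-failure / 1-hour lockout with an email notification) can be implemented as follows. This is an added example, not Kanban Zone's code: the policy numbers come from the page, while the PBKDF2 parameters, the salt + digest storage layout, the in-memory `Account` class and the injectable `clock` are assumptions made so it runs offline.

```python
"""Password policy, password hashing and lockout for a login form.

Added example (not Kanban Zone's code). Rules from the page: 8+ chars with
one lowercase, one uppercase, one digit and one special character; 5
consecutive failures lock the account for 1 hour and the member is
notified. Hash parameters, storage layout and the clock are assumptions.
"""
import hashlib
import hmac
import os
import string
import time

MIN_LENGTH = 8
MAX_FAILED = 5
LOCK_SECONDS = 60 * 60          # 1 hour
PBKDF2_ITERATIONS = 600_000     # assumed work factor, not the page's figure
SALT_BYTES = 16


def password_policy_errors(password):
    """Return the unmet requirements; an empty list means the password is acceptable."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"at least {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        errors.append("one lowercase character")
    if not any(c.isupper() for c in password):
        errors.append("one uppercase character")
    if not any(c.isdigit() for c in password):
        errors.append("one numeric character")
    if not any(c in string.punctuation for c in password):
        errors.append("one special character")
    return errors


def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256; only salt + digest is stored, never the password."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt + digest


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_BYTES], stored[SALT_BYTES:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


class Account:
    """Minimal in-memory account carrying the lockout state."""

    def __init__(self, email, password, clock=time.time):
        errors = password_policy_errors(password)
        if errors:
            raise ValueError("password needs " + ", ".join(errors))
        self.email = email
        self._stored = hash_password(password)
        self.failed = 0
        self.locked_until = 0.0
        self.notifications = []   # stands in for the lock-notification email
        self._clock = clock

    def is_locked(self):
        return self._clock() < self.locked_until

    def login(self, password):
        """True on success. A locked account rejects even the correct password."""
        if self.is_locked():
            return False
        if verify_password(password, self._stored):
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= MAX_FAILED:
            self.locked_until = self._clock() + LOCK_SECONDS
            self.failed = 0
            self.notifications.append(f"{self.email}: account locked for 1 hour")
        return False

    def reset_password(self, new_password):
        """Path taken from the emailed reset link; link/token handling is out of scope."""
        errors = password_policy_errors(new_password)
        if errors:
            raise ValueError("password needs " + ", ".join(errors))
        self._stored = hash_password(new_password)
        self.failed = 0
        self.locked_until = 0.0
```

Two details matter in practice: the failure counter is reset after a successful login and after a lock, so the lock is per window of 5 consecutive failures, and the reset path clears the lock because the member has proven control of the mailbox rather than knowledge of the password.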
Data in Transit Encryption and Security
All Kanban Zone connections are made securely over HTTPS. All connections must use TLS (Transport Layer Security). TLS is used to create a secure connection using 128-bit AES (Advanced Encryption Standard). Encryption is used between the web client, the load balancers and the API Gateway.
Database Encryption and Security
All Kanban Zone database cluster storage and snapshot volumes are encrypted at rest, with keys managed by AWS Key Management Service (KMS).
Data transmission between the application servers and the database is encrypted using TLS.
Attachment Encryption At-Rest and Security
File attachments uploaded after August 18th, 2018, are stored in Amazon S3 bucket storage and are encrypted at rest with 256-bit Advanced Encryption Standard (AES-256), one of the strongest block ciphers available. This encryption is provided and managed by AWS S3 storage services.
Each attachment is accessed through a unique link that contains a random, automatically generated, unguessable component. Attachments are only served over a secure HTTPS connection.
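What makes such a link unguessable is the amount of randomness in it: 32 bytes from the operating system's CSPRNG gives 256 bits, so enumeration is infeasible. The added example below (not Kanban Zone's code) generates that component and, going beyond what the page states, also binds it to an expiry and an HMAC signature so a leaked link stops working; the host name, the path layout, the signing secret and the TTL are assumptions.

```python
"""Unguessable attachment links with expiry and signature.

Added example, not Kanban Zone's code. The page states only that links
carry a random, auto-generated, unguessable component and are HTTPS-only;
the expiring HMAC signature is an added hardening, and HOST, the /a/ path
layout and the signing secret are assumptions for the example.
"""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

HOST = "https://attachments.example.invalid"   # hypothetical host
KEY_BYTES = 32                                  # 256 bits of randomness per key


def new_attachment_key():
    """Random object key from the OS CSPRNG, URL-safe base64 without padding."""
    return secrets.token_urlsafe(KEY_BYTES)


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _signature(key, expires, signing_secret):
    """HMAC-SHA256 over key and expiry so neither can be altered independently."""
    msg = f"{key}:{expires}".encode()
    return _b64(hmac.new(signing_secret, msg, hashlib.sha256).digest())


def make_link(key, signing_secret, ttl_seconds=900, now=None):
    """Build an HTTPS link valid for ttl_seconds from now (now is injectable for tests)."""
    current = time.time() if now is None else now
    expires = int(current + ttl_seconds)
    query = urlencode({"expires": expires, "sig": _signature(key, expires, signing_secret)})
    return f"{HOST}/a/{key}?{query}"


def verify_link(url, signing_secret, now=None):
    """Return the attachment key if the link is HTTPS, unexpired and untampered, else None."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return None                      # plain HTTP is never accepted
    if not parts.path.startswith("/a/"):
        return None
    key = parts.path[len("/a/"):]
    query = parse_qs(parts.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return None
    current = time.time() if now is None else now
    if current > expires:
        return None                      # expired links are rejected before any crypto
    expected = _signature(key, expires, signing_secret)
    if not hmac.compare_digest(expected, sig):
        return None                      # constant-time compare against the signature
    return key


if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    key = new_attachment_key()
    link = make_link(key, secret)
    print(link)
    print("valid:", verify_link(link, secret) == key)
```

The random key alone is what the page describes; the signature and expiry are the usual next step so that a link pasted into a chat or ticket cannot be replayed indefinitely.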
Payments Processing
Kanban Zone uses third-party payment service providers. Our current payment processing is handled by Paddle, a payments, tax and subscription provider. Paddle is PCI DSS SAQ A compliant. Detailed information on Paddle security and compliance can be reviewed directly at Paddle.
Before December 2022, payment processing was handled by Braintree, a PayPal(tm) service. Braintree provides Level 1 PCI compliance. Detailed information on Braintree security and PCI compliance can be reviewed directly at Braintree:
https://www.braintreepayments.com/features/data-security
Third-Party Access
Select member data, in very limited cases, is shared only with third-party service providers acting on our behalf.