logo logo

    Security

    Information Security Program

    Krisp employs information security policies and there is an executive-level strong commitment to implement and follow the policies throughout the organization.

    Information Security program is lead by the Head of Security @ Krisp.

    SOC-2 Compliance

    Krisp is planning to receive SOC-2 certification in the second half of 2020.

    Customer Data

    Krisp desktop app (Windows and Mac) processes all voice audio data on the end user’s machine. This data never leaves the user’s machine.

    Krisp stores the following customer data in its cloud:

    • Emails (if the customer is using email-based signup)
    • Team names
    • Payment history and invoices (credit cards are stored at Stripe)
    • Analytics data
      • Aggregated statistics minutes Krisp has been used for;
      • Application name which Krisp has been used with (e.g. Zoom, Skype)
      • Microphone, speaker names which Krisp is being used with (e.g. AirPod)

    Encryption

    TLS encryption is used throughout all our services (no exception).

    GDPR and Data Retention

    Customers can delete all their data by sending an email to support@krisp.ai.

    Customers can request all their data by sending an email to support@krisp.ai.

    Once a user account is deleted, all associated data (account settings, etc.) are removed from Krisp systems. This action is irreversible.

    This document provides the full list of authorized Krisp Sub-processors and describes the process of receiving notifications on sub-processor changes.

    Data Access and Segregation

    Account data is gated at the application layer. Account data is not physically segregated at the database or storage layers. If this is a security requirement for your team, please contact us at security@krisp.ai.

    3rd Party Data Sharing

    We share some user information with 3rd-parties for analytics reasons, payments (Stripe), sending transactional emails (Sendgrind), etc. That complete list along with the reason for sharing exactly what information we send to these platforms can be provided upon request. Please email us security@krisp.ai.

    Internal Krisp Team Data Access

    By default, only our key engineering leads have access to customer data. All other engineers do not have access to customer data unless granted permission for debugging purposes.

    Infrastructure Availability

    Krisp app operates locally on the users’ machines and most of the time doesn’t need to connect to its backend. When it detects that it can no longer connect to the backend it stops operating.

    Our backend infrastructure is entirely hosted on AWS, it’s fully automated and monitored by continuous functional tests to detect any sort of downtime.

    Production and Datacenter Security

    Krisp backend is entirely hosted on AWS and leverages all the security benefits (physical security, key management, redundancy, scalability, etc) that AWS provides. The IT infrastructure that AWS provides to its customers is designed and managed in alignment with security best practices and a variety of IT security standards, including SOC 1/SSAE 16/ISAE 3402 • SOC 2 • SOC 3 • FISMA, DIACAP, and FedRAMP • DOD CSM Levels 1-5 • PCI DSS Level 1 • ISO 9001 / ISO 27001 • ITAR • FIPS 140-2 • MTCS Level 3.

    In addition, Krisp backend is security-hardened by:

    • Using the least privilege principle for limiting internal communication between its hosts
    • Closing all unused ports (including SSH) with AWS’s built-in firewall
    • Only allowing HTTPS communication with AWS’s most recommended TLS settings
    • Using best and modern practices for secure programming

    Krisp Backend doesn’t use passwords which makes it very lightweight from a security perspective. Instead, it relies on Google Sign-in, SSO and email code verification for all user sign-in events.

    Krisp Backend is leveraging Stripe for payments and therefore it doesn’t store credit cards.

    Regular PenTests and Security Scans

    Krisp Backend is regularly scanned with industry-standard scanning tools for monitoring and detecting vulnerabilities. In addition, every quarter we do a thorough and detailed pentest using 3rd party pentest companies.

    Security 101 for Krisp Team

    All members of our team go through a Security 101 training for increased security awareness

    Contact

    If you have any questions about this doc please contact us at:
    security@krisp.ai

    close

    Choose the right platform for you

    Both come with 120 min/week for free

    Krisp

    Chrome Extension

    • One-click install
    • Mute microphone noise
    • Use with any conferencing web app inside Google Chrome
    Install Extension
    Krisp

    Desktop App

    • Easy install & setup
    • Mute microphone & speaker noise
    • Use with any native conferencing app
    • Superior noise cancellation

    Download for Windows Mac or iOS

    We use cookies to improve your experience on our site.

    To find out more, read our Privacy Policy
    Accept Cookies