Security Policy
THE HIGHEST SECURITY
KRYPT7 is fully compliant with the 3 main principles of data security: confidentiality, integrity, availability.
In a few words: by design, your data are protected against unauthorised:

- consultation (end-to-end encryption, zero knowledge of your password)
- alteration (encrypted transit & storage, signed emails, file fingerprints)
- deletion (instant failover, continuous backups)


ENCRYPTION BY DESIGN, NOT BY REVERSIBLE INTENTIONS
We don't have a choice: we have no knowledge of your data.
All data leaving your browser on KRYPT7 are already encrypted.
Even when we verify your password, we hash it in your browser so nobody, not even us, can have access to it.
Last, none of your messages is ever secretly shared with KRYPT7: if you do not write to us, well, we can't read you.

And we can prove all of it:

- delete the local storage of your browser when you're logged into KRYPT7: your data will be instantly unreadable.
- because your password is the only key to access your data and because nobody except you knows your password, if you forget it, you lose any possible access to your data. That's pretty harsh, but that's the only way to secure your data above all.

So even in the worst scenario, we can't share or give access to your data: not because of the strength of our will, but because we don't have a choice.


DOUBLE ENCRYPTION
KRYPT7 is built to leave no room for hoping that things will be fine.
At any time, your data is encrypted twice: by itself and by any means processing it (in every transit, as in every storage).

By the way, encryption in transit and at rest is, at best, all that the most famous web services do to protect your data.

Beyond that, KRYPT7 further strengthens the security of your main data:

- emails are signed: a code stamp is incorporated in the message just before its encryption. This is a way to ensure that the message you are reading is the exact message sent to you by a verified sender.
- file fingerprints are checked: each file has a unique fingerprint, stored at upload and validated at each download, so if a single octet of your file has changed, the file is not served at all.

Because it is encrypted end-to-end, from your browser to your browser, your data exchanged through KRYPT7 will still be safe if anyone beyond your browser fails to protect it.


INFORMATION STORAGE & SECURITY
KRYPT7 stores all information in Germany, with an instant failover between real-time dataset replicas in case of an issue.
KRYPT7 continuously backs up all information.
All the information processed by KRYPT7 is stored in Germany, by technical partners (both on application and storage side) certified under the E.U.-U.S. and Swiss-U.S. Privacy Shield Frameworks.

The user data are continuously backed up in 3 identical replica sets, provisioned across 3 distinct data-centers, ensuring the backups are typically just a few seconds behind the operational system (automatic failover in the event of a failure).

All data are protected by incremental backup, allowing a selected point in time within the last 24 hours to be restored. Backup snapshots are taken as follows:

- snapshot every 6 hours stored for 2 days
- daily snapshot stored for 7 days
- weekly snapshot stored for 4 weeks
- monthly snapshot stored for 13 months


EFFECTIVE
January 1st, 2019