Time Tracking & Productivity Blog
Noko is the time tracking and invoicing app that your team will love.

Noko Time Tracking


Time Tracking your Team will love.

April 2019
S M T W T F S
« Mar    
 123456
78910111213
14151617181920
21222324252627
282930  

Categories


Keeping your data secure

Thomas FuchsThomas Fuchs

Terms of Service (User Agreement) | Privacy Policy | Data Security | GDPR Data Processing Agreement

Here’s what we do at Noko to keep your data safe and sound:

Redundant Protection Against Data Loss

Noko uses state-of-the-art RAID 10 data storage. We make hourly backups of Noko’s databases and daily (full image) backups of Noko’s servers. These backups are saved and encrypted on storage services off-site, then systematically tested for integrity. Hourly backups are saved for several months. Monthly backups are stored long-term. We maintain live copies of all our log files off-site. Sensitive data like passwords or credit card numbers are never logged.

Your Credit Card Data is Safe

Noko does not transmit or store your credit card information on our servers. However, we fully comply with the PCI DSS in the interest of keeping all data secure. This means your credit card data is securely submitted directly from your browser (without touching our servers) to a leading, fully PCI-compliant (PCI Service Provider Level 1) payment gateway provider. Your credit card data is never stored on our servers.

Always-on Secure Connections

Noko uses Always-on secure SSL connections for all accounts. We use a 2048-bit key and score an A+ on the Qualys SSL Labs test (as of 5/2018). We have Perfect Forward Secrecy and Strict Transport Security enabled on supported browsers. Our session and “remember me” cookies use the secure and HTTP only flags. We frequently and consistently review our SSL configuration and make appropriate updates in the unlikely case new SSL vulnerabilities are discovered.

Up-to-Date Infrastructure and Patches

Noko’s infrastructure maintains peak performance with regularly scheduled security updates and by promptly applying any patches that are recommended for immediate role out. Strict measures are in place to ensure that maintenance access to our servers is only allowed on a case-by-case basis. To fortify this, our network is locked down with firewalls. For even more added security, the Noko application is hosted on a separate server and network, from our support system and our main site (http://nokotime.com).

Physical Security

Noko is hosted by a globally leading managed cloud company. Our hosting facility is SOC 1 Type II, SOC 2 Type II, and ISO 27001 certified, and includes two-factor biometric authentication, role-based secure sub-areas, closed-circuit 24x7x365 video surveillance, and physical perimeter defense measures. These security structures reinforce our redundant systems for climate control, conditioned power, routing, and internet connectivity.

Monitoring and Fast Response

Noko mobilizes redundant, world-wide monitoring services to supervise our 24x7x365 infrastructure. Our developers are instantly made aware of any errors, slow-downs, or other abnormalities by automatic alarms. Our team pro-actively runs automated scans (provided by trusted 3rd-party compliance services) of our servers for security issues and PCI compliance. Should we detect issues with your account, we will immediatly contact the account owner by email.

Your Data is Yours, Always

Noko does not share your time tracking data with anyone. If you decide to cancel your account, we make it easy for you to download all your data. Please see our privacy policy for more details.

Reporting Incidents

Please send urgent and/or sensitive security reports directly to security@nokotime.com.

Questions?

Please send questions or concerns to support@nokotime.com.

Thomas’ work on Prototype.js, Zepto.js and Micro.js has made him a certified JavaScript Guru. Before founding Freckle, Thomas was consulting with some of the world’s best known companies on their craziest interactive JavaScript needs. A Ruby on Rails core alumni, he is passionate about creating the best user interface experience possible and penned the Scriptaculous JavaScript UI library to share the love, counting sites like Apple.com and Nasa.gov among its users. Thomas’ master plan: work toward a more delicious web using open source goodness.