The full regulation on how we process your data is outlined in our terms and conditions and in our privacy policy. Please refer to those in case of doubt. The following page is intended as a quick reference on the essential principles that govern our data policies.
Useful Resources
⭐ Privacy Policy Addendum for AI Features
Security Hall of FameVulnerability Disclosure💾 What do we store on our cloud servers?
- Your Akiflow account, contact information, and your billing information.
- Data such as, but not limited to, your tasks, labels and other elements created in Akiflow.
- Data coming from third-party sources relevant to Akiflow (like calendar events, the subject of the emails you star, or the text of slack messages you save).
- API keys and authorization tokens to access data on third-party sources.
We are doing so to provide you with additional features, such as:
- multiple device synchronization support
- recovery in case of data loss from your device
That means that data such as, but not limited to, your tasks, events, or saved Slack messages is stored on your local machine and synced with our servers.
🦺 How do we protect the data we store on our cloud servers?
To ensure the highest degree of security relative to the Service provided, we take several measures to protect all data we process. These measures include, but are not limited to:
- User’s contact information (such as name, email, etc.) and user-generated data (such as tasks, events, etc.) are stored in several different databases, on different servers.
- Access to the servers, and the databases hosted on such servers, is granted only to individual high-level employees, only to the extent needed to maintain and develop the service, and is subject to rigorous authentication mechanisms.
- We use techniques such as data pseudonymization, the unique identifiers for each user and their data are stored on different databases on different servers.
🦺 How is data encrypted both in transit and at rest?
- We implement strong encryption mechanisms. All communications are encrypted using https protocol (TLS). In transit, we use TLS. Regarding API keys and authorization tokens. At rest, data is encrypted using industry-standard 256-bit AES encryption on our servers. Our infrastructure use GCP, and databases are stored at rest, according to GCP policies.
🦺 How is access to user data controlled and monitored?
Internally we follow a minimum access policy to share data. Authentication is linked to GCP and Google accounts to ensure access to personal data.
Do you have SOC II / ISO 27001 / Compliance with FERPA requirements?
We currently don’t have these certifications.
Do you have a Data Processing Agreement (DPA)?
Yes, please send our Support team a message in order to get a DPA signed.