Security Statement
Encryption
Keeper has deployed secure methods and protocols for the transmission of confidential or sensitive information over public networks. Encryption is enabled for databases housing sensitive customer data. We restrict privileged access to encryption keys to authorized users with a business need. All customer interaction with Keeper servers is encrypted through the use of SSL. Our SSL certificates use 256-bit encryption to protect your data. Data is encrypted at rest with AES-256, block-level storage encryption.
Disaster recovery
Keeper performs annual business continuity and disaster recovery tests.
Data retention and location
Data is backed up offsite daily for recovery from disasters. Daily logical backups are retained for 7 days. Our provider offers a continuous protection mechanism for disaster recovery. In addition, Keeper performs daily backups that are retained for 14 days. All user interactions are logged within AWS and in LogRocket.
Data stored consists of: employee data (demographics, employment details, benefit, next of kin, bank details), customer data (name, email, phone, IP, CC, SSN, Account Number). Customer data is managed, processed, and stored in accordance with the relevant data protection and other regulations, with specific requirements formally established in customer agreements, if any. Note: credit card details are stored by PCI-compliant service partners.
Keeper securely and indefinitely retains data unless deletion is requested by the principal of the account. Servers housing data are located within the United States of America.
Financial security
Credit card and direct debit details are never stored by Keeper. All sensitive payment details are transmitted directly to our payment providers over SSL connections and are not logged or stored in Keeper systems.
Customer payments are processed by Stripe, a PCI-DSS Level 1 compliant provider.
Password security
Password security is maintained through minimum password lengths and automatic lockout on repeated login failures.
To maximize your safety, Keeper recommends your password be at least 10 characters with a mixture of letters, numbers and punctuation characters. We recommend that the password you use for Keeper is unique and not used for any other websites. A password manager such as 1Password or LastPass is recommended to manage your passwords.
No plain text passwords are stored at any time. We rely on trusted third-party services for this.
Physical security
Keeper’s production systems run on Amazon Web Services (AWS), a popular cloud computing platform. AWS' security policy details the physical, network, system and data security they provide.
Network security
Keeper undertakes annual penetration testing provided by Agency.
Keeper has implemented technologies provided by AWS to reduce the impact of DDoS attacks.
Vulnerability management
Software libraries used by Keeper are actively kept up to date. Any security fixes or patches are treated as top priority and are applied as quickly as possible - normally within 24 hours of public release.
Accreditation
Keeper is SOC 2 accredited.
Support and development
Our current infrastructure does not require scheduled maintenance downtime, but we reserve the right to schedule it after providing 24 hours' notice.