WebKyte internal and client data is hosted at Hetzner, a data center certified in alignment with ISO/IEC 27001 standard. All servers are configured to only enable connections and communication via protocols and ports required for operating. WebKyte keeps file integrity checks in place to avoid risk of modification of its operating system, software and data. Network and logs into the system are continuously monitored to identify behavioral anomalies. Two-factor authentication is necessary to access environments containing customer data.
WebKyte collects and stores minimum customer data. WebKyte has access only to information which is necessary to perform the service:
WebKyte does not have access to or stores video files used for generation of video fingerprints at any time. Video fingerprints are not reversible and cannot be transformed back to original video files. Without metadata, it is also not possible to identify media assets by its respective fingerprints.
WebKyte is committed to transparent procedures of processing customer data in full compliance with US and EU legal regulations, as well as specific client requirements.
WebKyte may collect technical data, including IP address, domain names, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system details and other technologies on the devices used to access the service. This information is utilized to measure and assess number of visits, average time spent on our client dashboard and website, specific pages viewed and to improve end-user service experience.
Data Privacy and Retention
Data Protection and Encryption
WebKyte has established policies and procedures to ensure that unauthorized parties cannot access customer data. Authorized employees can use data while being prevented from damaging or abusing it in any way. Encryption is the main measure implemented to protect privacy. Anyone without a private encryption key is denied viewing data. All databases and database backups are encrypted. The encryption is deployed with open source and industry-standard technologies that include Transport Layer Security (TLS), Secure Shell/Secure FTP (SSH/SFTP), and AES. WebKyte is maintaining separate regional environments to provide assurance of data locality.
Based in Vilnius, Lithuania (European Economic Area), WebKyte is subject to the General Data Protection Regulation (EU GDPR) that came into force on May 25, 2018. At present moment, the regulation remains one of the most comprehensive security and privacy policies in the world. WebKyte is fully compliant with the GDPR, ensuring all technical measures are taken to provide the highest level of data security.
Under the GDPR there are two conceptual roles that define and regulate responsibilities of the parties involved in data management. By controller, the law understands an entity or a natural person that decides why and how personal data is gathered and stored. A processor signifies an entity or a person in charge of processing this information. In some cases, the party may perform both functions at the same time. WebKyte acts as a controller when collecting information and is fully devoted to compliance with legal obligation imposed on the controller under GDPR. Under some contractual obligations, WebKyte may also act as a data processor when engaged in scanning and analysis of a video database on behalf of the controller. WebKyte complies with all requirements imposed on data processors as well.
Measures implemented by WebKyte are aimed to protect against any unlawful or illicit data use by internal or external parties and include but are not limited to:
– Access rights management
– Regular reviews and audit
– Due diligence procedures
– Physical security
– Network security
– Cybersecurity measures
– Confidentiality and privacy policies
– Appropriate documentation and device disposal
WebKyte evaluates all data gathered to ensure we meet compliance obligations under GDPR at all times.