Security FAQs

Frequently Asked Questions on Connqt.ai Ltd. (“Connqt”) Security

Where is my data stored?

Connqt.ai software and applications are currently hosted on Google Cloud Platforms in the European Union.


Will Connqt personnel have access to our data and what data will they have access to?

Ordinarily,  Connqt personnel do not have the ability to access your data. However, in limited circumstances, in order to provide you with technical support, we may access your data. Such access will need to be specifically approved and will be with your consent. Even, in these circumstances access to your data will be restricted to a small number of personnel on a need-to-know basis. This access is also reviewed periodically.


Is data stored on Connqt cloud products encrypted?

We encrypt sensitive personally identifiable information in customer data both in transit and at rest. Data at rest is encrypted using industry-standard AES-256. All customer data is encrypted in transit over public networks using Transport Layer Security (TLS) 1.2/1.3 with Perfect Forward Secrecy (PFS) to protect it from unauthorized disclosure or modification.


How are passwords for Connqt cloud services stored?

The passwords you use to access Connqt services are stored in a non-reversible encryption scheme.


How is customer data segmentation implemented in Connqt cloud services?

Our framework distributes and maintains the cloud space for our customers. Data of multiple customers is logically separated from each other and our framework ensures that no customer’s service data becomes accessible to another customer.


How does Connqt protect itself against DDos attacks?

As our services are hosted on Google Cloud Platform, we benefit from their state-of-art protection against DDoS.


I found a vulnerability in one of your products. How do I report it?

If you discover a vulnerability in one of our products, you can let us know so that we can fix it as soon as possible at [email protected].


Does Connqt have an incident response program?

In cases where we are controllers of data and an incident lead to a data breach, the affected customers will be notified within 72 hours after we become aware of it.  In cases where we are processors of data and an incident leads to a data breach, the respective controllers will be informed without undue delay. 

For general incidents, we will notify users through our website, blogs, forums, and social media. For incidents specific to an individual user or an organization, we will notify the concerned party through email (using their primary email address). Complete report can be provided to customers on request within 5 to 7 working days.


What are Connqt’s responsibilities in the event of a security incident?

We notify the incidents that apply to you, along with suitable actions that you may need to take. We track and close the incidents with appropriate corrective actions. Whenever applicable, we provide you with necessary evidences regarding incidents that apply to you. Root Cause Analysis will be provided on request.

As a customer of Connqt, what are the additional security options I have to protect my data?

Additional security features that can be availed by customers:

  • Multi factor authentication
  • Configurable password policy
  • Role based access control

If a customer discontinues Connqt service, how long is their data retained?

We hold the data in your account as long as you choose to use Connqt Services. Once you terminate your Connqt user account or it gets terminated by us, your data will eventually get deleted from active database during the next clean-up that occurs once in 6 to 12 months. The data deleted from the active database will be deleted from backups after 3 months.


What is Connqt’s business continuity and disaster recovery plan?

We have a business continuity plan for our major operations such as support and infrastructure management. 


What is your data backup policy?

We run full back-ups once a week and incremental back-ups every day. Back-up data in a DC is stored in the same location and encrypted at rest, as the original data. A retention time of 3 months is applicable for all backed up data. 


What controls you have in place while accessing customer data?

We employ technical access controls and internal policies to prohibit employees from arbitrarily accessing user data. We adhere to the principles of least privilege and role-based permissions to minimize the risk of data exposure.  


What is your risk assessment process? How often is risk assessment performed?

We have a risk assessment policy and procedure to identify, analyze and mitigate risks by implementing appropriate controls. We perform risk assessment for every major change that happens in our environment. The overall risks are reviewed and updated at least once in a year. 


Will you share my data for the purpose of law enforcement?

We always provide utmost importance to customer’s privacy. When we receive requests from law enforcement authorities, we review such requests to see if the applicable legal process is followed to obtain a valid and binding order. We object to overboard or otherwise inappropriate requests. Unless prohibited by law, we notify customers before disclosing customer data so that the customers can seek protection from disclosure.