Ensuring the security and integrity of user data and the speaker verification process is paramount for SESTEK. This section outlines the comprehensive security measures and data protection protocols implemented in strict compliance to data protection regulations to safeguard against unauthorized access, data breaches, and other potential security threats.
For detailed information on cloud security please refer to the SESTEK Cloud Security Statement.
Certifications
We are delighted to announce that Knovvu Biometrics has successfully passed the ISO 27001, ISO 9001, ISO 27017, ISO 27018, PCI DSS and SOC2 audits, earning SESTEK esteemed certifications. This achievement highlights our commitment to exceptional information security, quality management, and strict service controls. Attained through detailed audits, these certifications reinforce Knovvu Biometrics' reputation for excellence in security and quality standards.
Security Measures
Voiceprint
A voiceprint constitutes a biometric vector generated from the user's speech and securely stored in the database. It serves as a numerical representation of features extracted from the speaker's voice, rendering it entirely unusable in the event of theft or unauthorized access.
-
Irreversibility: Voice reconstruction from the biometric vector is not possible, providing an extra layer of protection against such occurrences.
-
Exclusive Compatibility: The vector is exclusive to the Knovvu Biometrics Engine, ensuring that compromised vectors cannot be exploited outside of our controlled environment.
Encryption
Data in transit
All data in transit between the user interface, API, and the Knovvu Biometrics is encrypted using industry-standard protocols such as TLS (Transport Layer Security).
For streaming data, the WebSocket protocol (WSS) is employed over secure HTTP connections (HTTPS). HTTPS encrypts the data exchanged between the browser and the server, while WSS encrypts the data sent over the WebSocket connection. This dual encryption ensures prevention of eavesdropping, tampering, and man-in-the-middle attacks on our WebSocket traffic.
Data at rest
For data at rest, we employ AES-256 (Advanced Encryption Standard) encryption to secure audio files in storage and voiceprints in the database. The use of AES-256 highlights the strength of our encryption algorithm, providing robust protection for stored data.
Data Processing
We exclusively process user data to provide services to our client companies in accordance with their guidelines. No customer data is utilized for training our biometrics engine.
Audit Trails
We maintain comprehensive audit trails for all system interactions. This includes user activities, API calls, and system changes. Audit logs are regularly reviewed for suspicious activities and are crucial for post-incident analysis.
Data Retention and Deletion
Data is retained in alignment with legal and operational requirements. Users can request the deletion of their data, which is then purged from all storage and backups in compliance with privacy laws and regulations.
Access Control
Strict access controls are in place to ensure that only authorized personnel have access to the Knovvu Biometrics servers and databases. This is enforced through the use of Identity and Access Management (IAM) policies.
Data Segregation
User data is logically segregated in a multi-tenant architecture. This prevents data leakage and ensures that one user's data is not accessible to another.
Risk Assessments
We proactively conduct Data Privacy Impact Assessments (DPIA) and General Risk Assessments, essential components of our approach. These assessments enable us to identify, evaluate, and address risks in data processing and management proactively.
The DPIA is geared toward reducing privacy risks for individuals, and our General Risk Assessments rigorously examines all operational areas for potential security vulnerabilities. This comprehensive strategy guarantees the utmost level of data protection and security for our clients and their users.