At Karliee, protecting your data is a core responsibility — not an afterthought. This page outlines the security practices and controls we have in place to keep your workspace, your team's data, and your clients' information safe.
1. Data Encryption
1.1. In Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all Karliee properties and do not accept unencrypted connections.
1.2. At Rest
Data stored in our databases is encrypted at rest using AES-256 encryption. Passwords are never stored in plain text — they are hashed using bcrypt, a strong one-way hashing algorithm.
2. Access Controls
- Access to production systems is restricted to authorized engineers using multi-factor authentication (MFA).
- We follow the principle of least privilege — each team member and system component only accesses what it needs.
- All administrative access is logged and audited.
- Third-party vendors are vetted for security practices before being granted access to any data.
3. Authentication
- Karliee uses secure, cookie-based sessions combined with JWT tokens for user authentication.
- Sessions expire automatically after a period of inactivity.
- We recommend using a unique, strong password for your Karliee account and enabling MFA where available.
4. Infrastructure Security
- Karliee is hosted on enterprise-grade cloud infrastructure with physical security controls, redundancy, and automatic failover.
- Our network is protected by firewalls, intrusion detection systems, and DDoS mitigation.
- Databases are not publicly accessible and are isolated within private network segments.
- Automated backups are taken daily and tested regularly to ensure restorability.
5. Application Security
- Our development process includes code reviews and security-focused testing before every release.
- We protect against common web vulnerabilities including SQL injection, XSS, CSRF, and others in the OWASP Top 10.
- Dependencies are regularly reviewed and updated to address known vulnerabilities.
6. Data Isolation
Each Karliee workspace is logically isolated. Users only have access to data within workspaces they have been explicitly invited to, and workspace admins control permissions for all team members.
7. Incident Response
In the event of a confirmed security incident affecting user data, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable data protection laws. Notifications will include the nature of the incident, what data was involved, and the steps we are taking.
8. Responsible Disclosure
If you believe you have discovered a security vulnerability in Karliee, please report it responsibly. Do not publicly disclose the issue until we have had a chance to investigate and address it.
Email your findings to security@karliee.com with a clear description of the vulnerability, steps to reproduce it, and its potential impact. We aim to respond within 2 business days.
9. Your Role in Security
- Use a strong, unique password for your Karliee account.
- Do not share your login credentials with others.
- Review team member permissions regularly and remove access for users who no longer need it.
- Report any suspicious activity to support@karliee.com immediately.