Encryption and controls
KORE uses industry-standard AES-256 encryption. All data at rest is encrypted by default. KORE Ticketing, Sponsorship, and Suites & Premium use encrypted Amazon EBS (Elastic Block Store) volumes to store data and Amazon KMS (Key Management Service) to secure the encryption keys. Data in transit is secured using SSL/TLS. For more details, see the Amazon Shared Responsibility Model.
KORE is compliant with the requirements of SOC 2 and performs annual Type II audits. To obtain a copy of KORE’s SOC 2 audit, contact your Success representative.
KORE also partners with a third-party auditing firm (A-LIGN) to conduct annual penetration tests on both our external network and application perimeters. The most recent results are available from your Customer Success manager.
Data shared with third parties
Although KORE uses Amazon infrastructure, Amazon does not have access to your data. KORE runs Tableau Server software on Amazon infrastructure to provide reports. No customer data is sent to Tableau.
KORE uses RabbitMQ software hosted by CloudAMQP as part of the sync processes. The only data we provide to CloudAMQP is an ID number and a data type. For example, CloudAMQP might see “12345678, Account” but not the actual account information. When KORE’s Queue Manager later retrieves the Queue object, it uses the ID number and data type to access the actual user data via your CRM’s API.
GDPR and CCPA compliance
Under the European Union’s General Data Protection Regulation (GDPR), KORE Software is a data processor. Any data which you remove from your CRM will also be removed from the SQL Server database during the sync process.
Under the California Consumer Privacy Act (CCPA), KORE Software is a service provider. KORE performs data processing services on your behalf. KORE does not use consumer data for any purpose outside of the services provided. Any data which you remove from your CRM will also be removed from the SQL Server database during the sync process.
KORE provides integrations with many third-party data sources but cannot control the data held by those third parties. To prevent specific user data from being recreated in your KORE system, you must remove the data from both KORE and any other third parties.
Learn more at gdpr.koresoftware.com.