Data retention policy
Kolide uses high availability and durable data storage services to ensure the Kolide application remains available and the integrity of the data is maintained.
For HA, Kolide maintains an identical follower database in a separate availability zone (AZ) that can be instantly promoted to the leader if any failover conditions are met. In practice, even catastrophic issues with the DB will not impact application availability.
Kolide leverages Heroku’s managed backups which retains at-most 50 backups roughly logarithmically spaced out over a 30 day period.
During high risk deployments, Kolide staff are expected to manually backup the database so that any malfunctioning deployments can be easily backed out with minimal disruption to our customers.
Data archiving and removal policy
Formal requests to delete data can be submitted by any Full access user or official Point of Contact via email (
[email protected]) or via our Intercom chat service.
Upon request, a Kolide member will acknowledge receipt and file a ticket so that a qualified Kolide Site Reliability Engineer (SRE) can perform the request within 2 business days of receipt.
Once the data has been deleted, a Kolide employee will follow-up with the Customer contact and let them know that the requested data was deleted or set any expectations about when that data will be fully-deleted (for example when it will be purged from backups, etc.).
Data storage policy
Kolide stores essential information in Heroku’s PostgreSQL DB service. This service is encrypted at-rest using AES-256, block-level storage encryption. Keys are managed by Amazon, and individual volume keys are stable for the lifetime of the volume.
In addition, all backups of the database are stored in an encrypted S3 bucket in the US region. These backups are only accessible to a select set of Kolide SREs and executive staff.
Data center location(s)
United States
Data hosting details
Cloud Hosted
Data hosting company
Heroku, AWS, and GCP
App/service has sub-processors
yes
Guidelines for sub-processors