Our Security Practice

The Gokid Promise

At GoKid we want our users to know that we are handling their sensitive data respectfully, carefully, and with best security practices in mind. Our Data Use and Privacy Policy details how we use the information given to us while this page explains how we take care to follow secure practices in building and maintaining our technology to protect our users’ information. You can find below our security practices in both Development (related to how we build our apps) and Infrastructure ( related to how we manage the ongoing use of our apps).

Development

When looking into new features we have security as one of the priorities. So we design with standard security practices in mind.

Encrypt All the Data
Encrypt all identifiable data not just when we store it but in transit between our servers and the app on the client device (end-to-end encryption).

Be Careful While Using Third-party Libraries
Look for common threads and fixes before any release.

Use Only the Authorized APIs
We restrict the number of APIs developers use so we can avoid data leaks.

Implement High-Level User Authentication
We use the most common and secure protocol for Authentication OAuth2 with JSON web tokens.

Deploy Tamper Detection Techniques
Tamper detection techniques are used to get alerts whenever someone tries to tamper with our code or inject malicious code into our application’s source code.

Leverage The Principle of Least Privilege (POLP)
The principle of least privilege that dictates a code should run with only those permissions that are essential for its functioning and nothing more than that.

Test & Update Regularly
It is a never-ending process that needs to be performed regularly. We test our apps, and our Gokid Connect school solution prior to every release by our Q+A team.

Infrastructure
Change Management

We have a change management process for our infrastructure that includes source code control, peer code review, logging, and alerts for unusual behavior. All production changes are deployed with an automated system that detects reliability issues and reverts problematic deploys. Our automation allows us to safely and reliably deploy code to production dozens of times a day.

Availability and Disaster Recovery
Since our service is based entirely on the cloud, our disaster recovery plan is based on best practices from our provider, Google Cloud, for maintaining resiliency in the case of disaster. We use multiple Google Cloud availability zones to safeguard against single data-center issues.

Data Encryption in Storage and Transit
We encrypt all Personally Identifiable Information (PII) in transit outside of our private network and at rest in our private network.

Data Isolation
GoKid uses logical separation to process data in a multi-tenant environment. The code controls are tested before every production deployment. Data processing occurs in containerized environments with limited access to external resources. Services use ephemeral credentials for services to access data stores.

Network Isolation
GoKid limits external access to network services by running them inside a Virtual Private Cloud (VPC) and blocking all unnecessary ports from external traffic. Access to our production network is limited to necessary personnel, logged, and secured using multiple-factor authentication. We use a bastion SSH host to gate all system-level access to production infrastructure.

If you have questions about GoKid’s security practices, please email us at support@gokid.mobi.