How do we securely store KYC documents?
We are legally bound to provide proof of source of income to regulators and banks. One of the requirements is to provide evidence of the identity of our Token Sale participants. This is why we needed to implement what is called a KYC (Know-Your-Customer) process. We would like to share more about the encryption and our top security standards when it comes to storing your documents.
Upload over the secured HTTPS protocol
The sensitive copies of documents are encrypted and uploaded directly to the secured storage over the cryptographic HTTPS protocol. A client uploads the copies of documents to a signed URL that is used as a temporary access token to send a file directly to the cloud storage. This URL grants only a fraction of what the application's IAM role allows: it is limited to a single file upload within a limited time frame.
Secured Amazon S3 storage
For storing the sensitive copies of documents, we use Amazon S3 storage. S3 provides comprehensive security and compliance capabilities that meet even the most stringent regulatory requirements. Physically, data is stored in Amazon’s European data cluster, which is located in Frankfurt, Germany. As is stated on the Amazon S3 website:
“Companies today need the ability to simply and securely collect, store, and analyze their data at a massive scale. Amazon S3 is object storage built to store and retrieve any amount of data from anywhere — web sites and mobile apps, corporate applications, and data from IoT sensors or devices. It is designed to deliver 99.999999999% durability, and stores data for millions of applications used by market leaders in every industry.”
Data protected by encryption
The data stored on Amazon S3 storage servers is protected with strong, multi-factor encryption. Amazon S3 encrypts each object with a unique key and, as an additional safeguard, encrypts the key itself with a master key that it regularly rotates. Amazon S3 encryption uses one of the strongest block ciphers available — 256-bit Advanced Encryption Standard (AES-256) — to ensure that your documents are protected.
All accounts that have access to the storage are secured using multi-factor authentication (MFA).
Only a limited number of KYC managers have access to the documents, and after the KYC process is done, each of them will no longer be granted access. Only the root account will retain access to the storage, so that the data will remain protected.
Should you need any further information, please do not hesitate to contact the Signals Team at firstname.lastname@example.org.