Additional Tools and Resources
      Back to home
      1. Support Center
      2. Installation Guides and Resources
      3. Additional Tools and Resources

      Security of the Kaiterra Platform

      This document summarizes the security architecture for the Kaiterra platform.

      Data At Rest

      At Kaiterra, we care about your data security as much as your air quality. That’s why we use the industry standard AES-256 algorithm to encrypt everything we store: sensor data and metadata, account information, and logs.

      Encryption at rest includes the underlying storage for database instances, automated backups, read replicas, snapshots, and all stages of the processing pipeline.

      Data In Transit

      Once configured, Kaiterra devices do not accept any incoming network connections. Devices communicate with external services via outbound connections only

      Once a device establishes an internet connection over Ethernet or WiFi, all data in transit is encrypted over TLS/SSL connections. 

      Sensor readings use MQTT TLS 1.2 encryption over port 8884 to Kaiterra’s Cloud. Our customers may use a secondary MQTT broker if they choose, which may be on-prem or internet connected. 

      A device will also send requests to Kaiterra’s API for configuration and firmware over-the-air (OTA) updates using HTTPS/TLS 1.2 encryption over port 443.

      Device HW Security

      The root file system on Kaiterra’s sensor is read-only. Sensor data is processed in-memory and not stored. Each device has a unique certificate to authenticate with our cloud.

      Web Dashboard Account Security

      Kaiterra supports Single Sign-On (SSO) to authenticate customers with their own systems without requiring them to make Kaiterra-specific credentials. 2-Factor Authentication (2FA) can be enabled with configuration.

      Kaiterra customers can administer user access to the Web Dashboard.

      Password and Credential Storage 

      Kaiterra uses industry-standard password complexity requirements. Credentials are stored using bcrypt with a cost of 10 and unique per-account salts. Forced password resetting can be enforced with SSO integrations, upon request.

      API Authentication

      Kaiterra’s API allows our customers to consume their air quality data in external applications. API keys or token authentication are required for access. All requests must be HTTPS.

       

      At Kaiterra, keeping our customers’ data secure is our top priority. We employ rigorous security measures to ensure that your data and applications remain safe. Our security policy and documentation are continuously assessed and reviewed annually to reflect any changes. If you have any questions, please don’t hesitate to contact .