Virtual Call Center

Military Grade Security

KruptoConnect delivers a quality solution while maintaining the confidentiality, integrity, availability and privacy of sensitive data that’s critical to your business and ours.


Network Security

AWS provides a strong foundation of security and compliance which we supplement by employing industry standard network security controls designed to protect Customer Data, including, but not limited to, the following:

We have implemented and maintain a host-based intrusion detection system and network-based intrusion detection system designed to alert us in the event of suspicious activity.

We use HTTPS/TLS with AES-256 encryption to secure connections between browsers, mobile apps, and other components to KruptoConnect and as also add up additional layer of AES-256 encryption on the Socket connection to our platform. There is dual layer of Cryptography which we use to secure the communication.

The data transmission or data exchange between KruptoConnect and the third party that is authorized by the client to receive the data, happens using the top secure file transfer methods such as TLS, SFTP, HTTPS etc

We encrypt call recordings by default. KruptoConnect generates customer specific per recording encryption key used to secure each call recordings. Chat sessions are encrypted in transit.

We use industry standard methods to support encryption. We use a minimum of RSA 2048 bits for asymmetric key encryption. For symmetric key encryption, we use AES 128 bits. For hashing, we use SHA1 and SHA2.

User Access Control

We have implemented and maintain appropriate access controls and the concept of least privilege designed to ensure only authorized users have access to Customer Data within KruptoConnect. User access is logged for audit purposes.

Your User Access (Managed by Us)

KruptoConnect is a managed service. Our responsibilities include, but are not limited to, managing the entire application, creating the users, extensions, and assigning respective access control. The other roles like defining the usernames, creating the passwords with setting minimum length, degree of complexity, a time frame for expiration and defining user roles etc. are defined by the clients.

Our User Access

We will create individual user accounts for each of our employees or contractors that have a business need to access the KruptoConnect production environment. The following guidelines will be followed about our user account management:

  • User accounts are requested and authorized by our management.
  • User accounts follow the concept of least privilege.
  • Dormant or unused accounts are disabled after 90 days of non-use.
  • Session time-outs are systematically enforced.
  • User accounts are promptly disabled upon employee termination or role transfer, eliminating a valid business need for access.

Security Awareness and Training

We have implemented and maintain an information security and awareness program that is delivered to employees and appropriate contractors at the time of hire or contract commencement and annually thereafter. The awareness program is delivered electronically and includes a testing aspect with minimum requirements to pass. Additionally, development staff members are provided with secure code development training.

Policies And Procedures

Policies And Procedures

We maintain policies and procedures to support the information security program. Policies and procedures are reviewed annually and updated.

Change Management

Change Management

We utilize a change management process based on industry standards to ensure that all changes are appropriately reviewed, tested, and approved.

Data Storage And Backup

Data Storage And Backup

We create backups of critical Customer Data according to documented backup procedures. Backup data will not be stored on portable media.

Vulnerability Testing

Vulnerability Testing

We conduct internal vulnerability scanning on a regular basis with automated scans and at least an annual basis for penetration testing engagement

Data Destruction

Data Destruction

We follow AWS standard practices for the destruction of Customer Data that becomes obsolete or is no longer required under the Agreement.

Code Review

Code Review

Applications running within KruptoConnect were developed and are maintained utilizing industry standard secure coding practices and unit testing

Business Continuity and Disaster Recovery

KruptoConnect is deployed and configured in a redundant infrastructure through AWS. Data repositories in KruptoConnect use redundancy and replication designed to maintain availability and avoid data loss in the event of a lost data node.


High Availability

KruptoConnect utilizes AWS services to provide highly available environments, including, but not limited to, the following:

  • Availability Zones (AZs) which consist of one or more discrete data centers, each with redundant power, networking and connectivity, and housed in separate facilities;
  • Auto Scaling Groups (ASGs) to dynamically scale clusters based on demand and automatically launch replacement instances in the event of a failure.
  • AWS Elastic Load Balancers (ELBs) to route internal and external traffic to healthy infrastructure and automatically reroute traffic away from unhealthy infrastructure;
  • Durable message queueing systems that support request queuing and point-to-multipoint notifications. Message queues allow us to both load-balance requests/events and handle load bursts without data loss; and
  • Amazon Simple Storage Service (S3) is an object storage service that is used to store data that can be retrieved at any time and from anywhere from the web. Objects are stored redundantly on multiple locations across the globe.

Security Incident Response

We maintain a Security Incident response program based on industry standards designed to identify and respond to suspected and actual Security Incidents involving Customer Data. “Security Incident” means a confirmed event resulting in the unauthorized use, deletion, modification, disclosure, or access to Customer Data.



In the event of a confirmed Security Incident involving the unauthorized release or disclosure of Customer Data or other security event requiring notification under applicable law, we will notify you within seventy-two (72) hours and will reasonably cooperate so that you can make any required notifications about such event, unless we are specifically requested by law enforcement or a court order not to do so.


Notification Details

  • Date that the Security Incident was identified and confirmed;
  • the nature and impact of the Security Incident
  • actions already taken by us
  • corrective measures to be taken
  • evaluation of alternatives and next steps.


Ongoing Communications

We will continue providing appropriate status reports to you regarding the resolution of the Security Incident, continually work in good faith to correct the Security Incident and to prevent future such Security Incidents. We will cooperate, as reasonably requested by you, to further investigate and resolve the Security Incident.


We are bound to protect the customer data that is dealt with under our control. Our privacy program is designed to respect and safeguard the sensitive data. We do not share, rent or sell any personal information to anyone.

Industry Specific Certifications

Our security and operational controls are based on industry standard practices and are designed to meet, ISO 9001, HIPAA, PCI Service Provider Level 1, and SSAE16 Service Organization Control (SOC) guidelines.

KruptoConnect utilizes infrastructure deployed on Amazon Web Services (AWS). AWS provides the following letters of compliance and/or certification: ISM, ASD, ISO 9001:2008, ISO 27001:2013, ISO 27018:2014, ISO 27017:2015, Multi-Tier Cloud Security Standard Level-3 (CSP) Certification. AWS also undergoes frequent SOC 3 audits. A copy of the certifications and audit reports for AWS are available on the AWS website at

In Summary, our Customers are solely responsible for achieving and maintaining any industry specific certifications required for their business (e.g., PCI DSS, HIPAA, GLBA, NIST 800-53, FedRAMP, etc.).



To help realize this, KruptoConnect cloud contact center lives in multiple availability regions in tier 4 data centers and uses active/active redundancy on AWS Cloud Platform. This means not only is your contact center replicated, but redundant backups are active, routinely tested, and ready to failover in an instant. KruptoConnect is a reliable contact center designed for ease of use and ease of mind.

We know that organizations rely on their contact center to be available always. When customers are reaching out for assistance or information, call center availability is critical.

Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.