What security and privacy steps does Okomo take?

Security and privacy are a top priority at Okomo. To guarantee this, Okomo takes the following steps and continuously reviews improvements:

• Encryption Data transfer (in traffic): with HTTPS/TSL, automatically renewing certificates
• Encryption Data storage (at rest): databases and data storage are encrypted
• Encryption Calls and screen transmission: End-to-end encryption, using the WebRTC standard
• Infrastructure Updates: Okomo uses standardized, managed App Services on Microsoft Azure which are updated at regular intervals.
• Library Updates: At regular intervals we check the updates used for updates and carry them out promptly.
• Backups: Database and app services are automatically executed several times a day and saved in encrypted form. They are also deleted after 30 days.
• Cross-Origin Resource Sharing is activated
• Content Security Policy to prevent Cross-Site-Scripting (XSS), Clickjacking, Code Injection Attacks is activated
• Service Monitoring: the uptime of Okomo and the services used (Microsoft Azure, Twilio) is continuously monitored and problems are immediately communicated to the appropriate departments via several channels
• Employees are trained in the introduction and at regular intervals on security and data protection. In addition, all devices used are password protected, device encryption is activated and secure passwords (incl. 2FA where possible) are used.
• Employee access to data is reduced to an absolute minimum. Access is only given to people who need access to maintain and develop the Okomo service. Access is logged and checked regularly.
• No credit card details are stored
• In the future, Okomo also plans to conduct a security audit to achieve HIPAA security certification. In the future we also plan to offer a two-factor authentication (2FA) for the Okomo service