Security Policy

Campaign Knock Political Canvassing Platform

Effective Date: October 10, 2025
Last Updated: October 10, 2025

1. Our Commitment to Security

At Campaign Knock, we understand that political campaigns handle sensitive voter data and confidential campaign information. We are committed to maintaining the highest standards of security to protect your data and ensure the integrity of our platform.

2. Data Encryption

2.1 Encryption in Transit

All data transmitted between your devices and our servers is protected using:

  • TLS 1.3 encryption for all web traffic
  • HTTPS connections enforced across our entire platform
  • Certificate pinning to prevent man-in-the-middle attacks
  • Perfect Forward Secrecy (PFS) for all encrypted connections

2.2 Encryption at Rest

All stored data is protected using:

  • AES-256 encryption for database storage
  • Encrypted file systems for all server storage
  • Separate encryption keys for different data types
  • Regular key rotation procedures

3. Access Controls

3.1 User Authentication

  • Strong password requirements with complexity validation
  • Multi-factor authentication (MFA) available for all accounts
  • Session management with automatic timeouts
  • Account lockout protection against brute force attacks
  • Password reset with secure verification processes

3.2 Role-Based Access Control

  • Granular permissions based on campaign roles
  • Principle of least privilege access
  • Regular access reviews and deprovisioning
  • Audit logs for all access and permission changes

4. Infrastructure Security

4.1 Cloud Security

Our infrastructure is hosted on reputable cloud services that provide:

  • Industry-standard cloud security practices
  • Professional hosting infrastructure
  • Regular security updates and patches
  • Basic firewall protection
  • Standard hosting provider protections

4.2 Application Security

  • Secure development practices
  • Input validation and data sanitization
  • Protection against common web vulnerabilities
  • Regular security updates and patches
  • Code review processes

5. Monitoring and Incident Response

5.1 Security Monitoring

  • Server monitoring and basic alerting
  • Application error logging and tracking
  • Access logging for security review
  • Regular security monitoring practices
  • Proactive issue identification and resolution

5.2 Incident Response

In the event of a security incident:

  • Prompt assessment and response procedures
  • Timely notification to affected users
  • Coordination with appropriate authorities when necessary
  • Investigation and remediation efforts
  • Communication about incidents as appropriate

6. Security Standards and Best Practices

Campaign Knock follows industry security best practices and works toward compliance with relevant standards:

  • Implementation of security controls based on industry standards
  • Privacy-by-design principles for data protection
  • Awareness of GDPR and CCPA requirements for applicable users
  • Following political data security best practices
  • Ongoing security improvements and assessments

7. Data Backup and Recovery

7.1 Backup Procedures

  • Regular backups of critical data
  • Secure backup storage practices
  • Data recovery procedures when needed
  • Backup verification and testing

7.2 System Availability

  • Efforts to maintain high system availability
  • Server monitoring and maintenance
  • Disaster recovery planning and preparation
  • Continuous improvement of system reliability

8. Team Security

8.1 Personnel Practices

  • Security awareness for team members
  • Confidentiality commitments regarding user data
  • Responsible data handling practices
  • Ongoing security education and improvement

8.2 Access Management

  • Limited access to user data on a need-to-know basis
  • Regular review of system access
  • Secure authentication for administrative functions
  • Logging of administrative actions

9. Third-Party Services

We work with reputable third-party services and vendors:

  • Selection of established, trusted service providers
  • Review of vendor security practices where possible
  • Appropriate agreements regarding data handling
  • Limited data sharing based on service requirements
  • Regular evaluation of third-party relationships

10. User Security Best Practices

We recommend the following security practices for all users:

  • Enable multi-factor authentication on your account
  • Use strong, unique passwords for your Campaign Knock account
  • Keep your devices and browsers updated
  • Log out when using shared or public computers
  • Be cautious of phishing attempts and suspicious emails
  • Report any suspicious activity immediately
  • Regularly review your account activity and users

11. Vulnerability Disclosure

We welcome responsible disclosure of security vulnerabilities:

  • Email security reports to: knock@campaignknock.com
  • We investigate all reports within 24 hours
  • We provide updates on investigation progress
  • We acknowledge researchers who help improve our security
  • We do not take legal action against good-faith security research

12. Security Updates and Communication

We keep our users informed about security:

  • Regular security updates and maintenance
  • Proactive communication about security improvements
  • Security advisories when necessary
  • Security blog posts and best practices
  • Annual security transparency reports

13. Contact Information

For security-related questions or concerns, please contact us:

  • Security Email: knock@campaignknock.com
  • General Support: knock@campaignknock.com

Security is a shared responsibility. By following security best practices and working together, we can ensure the protection of sensitive campaign data and maintain the integrity of the democratic process.