SERVICE AVAILABILITY & DATA SECURITY
Kumulos maintains SDKs for all modern mobile app development languages and frameworks (including Swift, Objective-C, Android Java/Kotlin, Flutter, ReactNative, Cordova & Ionic/Capacitor, Xamarin and Unity) as well as a Web SDK for websites and PWAs. For ease of integration, all SDKs are distributed via the appropriate package manager for each language or framework (for example Swift SDK can be integrated via Carthage, CocoaPods or Swift Package Manager). For further details, please see documentation for relevant SDK.
We take the performance of our SDKs very seriously and ensure they are responsible citizens on the mobile device. Events are grouped and uploaded in batches to minimize impact on battery and cellular radios. Our SDKs do not initiate any long running background processes or access any services on the device other than for the purpose of messaging. Optional features are off by default and out-of-the box our SDKs do not track any Personally Identifiable Information or use any advertising or other tracking identifiers.
Our Android AAR is only 172KB and our Swift framework is only 2.7MB. Our SDKs contain only the code required to perform the functions intended and care is taken to limit the overall number of methods (which is very important for Android apps).
We believe in full transparency and all SDK source code is available open-source under MIT License on GitHub.
Kumulos is hosted with Digital Ocean, one of the world’s largest providers of dedicated and cloud-based hosting, with whom we enjoy a close working relationship. For full details of data center certifications, please submit a technical support ticket or contact us.
Kumulos is a series of independent micro-services, each of which is horizontally scalable using load-balancers and disk-backed queues with retry and backoff.
Kumulos aims to ensure that all load balancers, API servers and Backend-as-a-Service database hosting are available 99.99% of the time within any given monthly period.
Kumulos aims to ensure that the agency console is available 99.98% of the time within any given monthly period.
FAIR AND ACCEPTABLE USE
Kumulos reserves the right to suspend any apps whose actions jeopardize the availability of the service due to behavior deemed unacceptable (for example: sending of unsolicited emails).
MONITORING AND ALERTING
All Kumulos infrastructure is monitored 24 hours per day, 365 days per year using industry standard monitoring, alerting and trending / capacity planning tools.
Our DevOps team are on-call and will respond to any unplanned interruption, details of which will be posted on https://status.kumulos.com.
Kumulos aims to run the current stable version of all software packages from operating system level up across its entire infrastructure. Non-intrusive patches that can be applied online are done so nightly. Kumulos aims to deploy critical security patches that require a reboot (for example kernel level packages) within 72 hours of general availability.
Updates and new versions of the Kumulos platform are deployed automatically when unit test suite has passed and after integration and system testing. Details of major releases will be posted to the agency console.
Kumulos aims to give 72 hours notice for any scheduled maintenance activities (such as rebooting to deploy patches). Details of such maintenance activities will be posted on https://status.kumulos.com. Downtime of such maintenance does not contribute towards service availability.
The Kumulos infrastructure is horizontally scalable and our experienced Devops team proactively provision additional infrastructure to cope with anticipated demand.
DATA SECURITY AND INTEGRITY
All data transfer to/from Kumulos APIs should be via HTTPS using standard TLS encryption. Kumulos uses strong ciphers and aims to maintain an A+ rating from Qualsys SSL Labs.
Data is stored in single tenant databases, one for each Kumulos customer. Access is secured and restricted to our DevOps team for the purposes of maintenance and service availability only.
Analytics data and in-app events are retained for a default period of 13 months. However, longer retention policies are available. Please contact us to discuss your retention policy requirements.
As described above, all data transfer to/from Kumulos is encrypted in transit. Full data encryption at rest is also available. Please contact us to discuss your exact data storage encryption requirements.
Access logs for API methods that access and manipulate data stored in the Backend-as-a-Service feature, are retained for a period 12 months. For all other features, API access logs are retained for a period of 30 days.
Data is replicated real-time to locally redundant servers within same data center. Nightly images are transferred off-site.
When an app sends data to Kumulos, the IP Address of the sending device is used to perform a geo-ip lookup to determine the approximate current location to country and city level granularity only. The IP Address may persist in web server log files for a period of up to 30 days before log files are rotated.
Geolocation based targeting features (geofences and beacon proximity) are not enabled by default. Any customers wishing to use these features and send granular location updates to Kumulos, must obtain explicit consent from users of their app as dictated by the iOS and Android mobile operating systems. For the purposes of geolocation-based targeting, Kumulos will store current location and history of geofence entry/exit and beacon proximity events only. Granular location history is not retained.
Kumulos generates a unique, anonymized UUID to identify and associate events from an installation of an app on a device. Kumulos does not use Apple IDFA or any other tracking identifiers for the purposes of advertising.
PERSONALLY IDENTIFIABLE INFORMATION
Kumulos does not collect or store any Personally Identifiable Information (PII). It is the responsibility of any customers who choose to store any PII in Kumulos to obtain the appropriate consent from users of their app.
GENERAL DATA PROTECTION REGULATION
Any customers collecting and storing Personal Data of EU Citizens, must comply with General Data Protection Regulation (GDPR). We are happy to enter into a Data Processing Agreement (DPA) in our role as data processor with any such customers in their role as data collector. For more details, please submit a technical support ticket or contact us.
Kumulos maintains a user-guide describing how to integrate use all Kumulos features online at https://docs.kumulos.com and aims to update this as and when new features are released.
Kumulos will provide technical support on all aspects of integrating and using Kumulos within a mobile app project. However, Kumulos will not support parts of the mobile app itself that do not relate to the use of the Kumulos SDK.
Support requests should be submitted from Agency console providing as much detail as possible. Support tickets are only accepted from customers and active trialists.
Kumulos aims to respond to all tickets within one working day and reserves the right to prioritize tickets accordingly based on the severity of the issue.