Once data (user-added data) is imported into Knarr, either via CSV upload, connection to a database like SQL, or import from a cloud service like MailChimp, that data is stored on disk in a binary file on an Amazon EFS temporary file system. It is partitioned physically at the dataset level, i.e. each dataset within each project in Knarr is physically partitioned from every other dataset in separate sections of the Amazon EFS volumes. This data is encrypted both in transit via our repository API and on disk at rest via Amazon's EFS encryption capabilities. These binary files are singularly stored and not replicated across any other volumes to allow for additional security and control.
After 30 days, files that have not been accessed are moved automatically to AWS Glacier for long-term storage until they are accessed again, at which point they are moved back to the EFS volume and accessible from there.
Datasets that are deleted in the Knarr UI are permanently and irrevocably removed from the Amazon EFS and/or Glacier volumes. By default, these EFS and Glacier volumes are not backed up anywhere, and as a result, no purging of backup systems is required to remove user-added data.
Warm and cold backups of data, as well as complete environment segmentation, are available to Enterprise customers for an upcharge, at which point the specifics of the backups and purging mechanisms are handled on a per-customer basis.
It is important to note that the EFS and Glacier volumes sit behind an Amazon VPC and are inaccessible to the internet and only accessible from the Knarr Application Servers via IAM security groups.
This post talks about Knarr's security policy for both user and Knarr Employee authentication to internal systems.
Please reach out to firstname.lastname@example.org for any further questions or concerns about data security and/or infrastructure.