- All users will need to set a password in order to use AKreport.
- This will make sure that everyone’s data is secure and it will require authentication before getting any data back from our service.
- Each user's password is stored in our database only in hashed form, using the bcrypt algorithm. You can read more about that here: https://en.wikipedia.org/wiki/Bcrypt
- Nobody knows your password but you, so if you forget it, you can reset it: we create a "reset password" token (96 random chars in hex format) that is only valid for 24h and send it to your email address. If you do not use it within this time frame, you have to request a new one.
- Authentication is then handled by creating a separate auth token that is saved as a browser cookie.
- Authentication tokens expire 2 days after their creation. Even if you cache your cookie somewhere else, or someone gets hold of it, it is useless once 2 days have passed since its creation.
- For ease of use, every time someone signs in to our app with a token, the token and its expiration time are renewed, so the user can stay logged in without having to log in again.
- We are using JWT (JSON Web Tokens), which are generated with the HMAC SHA256 algorithm. You can read more about JWT here: https://jwt.io/introduction/
- Encryption of all data in our database is performed using AES-256-CBC with a random, unique initialization vector for each operation.
- The encrypted data that we store by default in our database are: user-created custom aliases, user-created custom lists, the customer IDs, email addresses and user preferences.
- We also store the monthly reports imported from KDP in encrypted format in our database, but only if the user chooses so.
- AKreport will not store any data other than the items mentioned above.
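
The auth-token bullets above (HMAC SHA256 signed JWT, 2-day expiry, renewal on each token sign-in) can be sketched as follows. This is an added example, not AKreport's own code; the function names, claim layout and `SECRET` value are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

TOKEN_TTL = 2 * 24 * 3600  # 2 days, as stated above
SECRET = b"constructed-demo-key-not-a-real-secret"  # constructed sample key

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, key):
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return b64url(mac)

def issue(user_id, now, key=SECRET):
    claims = {"sub": user_id, "iat": int(now), "exp": int(now) + TOKEN_TTL}
    parts = [b64url(json.dumps(obj, separators=(",", ":")).encode())
             for obj in ({"alg": "HS256", "typ": "JWT"}, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + sign(signing_input, key)

def verify(token, now, key=SECRET):
    """Return the claims of a correctly signed, unexpired token, else None."""
    try:
        header_b64, payload_b64, sig = token.split(".")
        # Pin the algorithm server-side; the token header must not choose it.
        if json.loads(unb64url(header_b64)).get("alg") != "HS256":
            return None
        expected = sign(header_b64 + "." + payload_b64, key)
        if not hmac.compare_digest(sig, expected):  # constant-time compare
            return None
        claims = json.loads(unb64url(payload_b64))
        exp = claims.get("exp")
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token
    if not isinstance(exp, int) or now >= exp:
        return None
    return claims

def sign_in_with_token(token, now, key=SECRET):
    """Sliding renewal: a valid token is exchanged for a fresh 2-day token."""
    claims = verify(token, now, key)
    return issue(claims["sub"], now, key) if claims else None
```

Because the token is stateless, renewal does not invalidate the older token: it remains valid until its own `exp` unless the server also keeps a revocation list.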
Our User Data Policy
We agree that we will not sell, rent, or trade your user data with any third-party without your permission.