Nowadays, people often feel unappreciated at work. Karma is on the mission to end that.We simply help people to say ‘thank you’ more often and connect with each other.- Share micro-feedback instantly - Set real-life perks and rewards - Engage with your team and gain valuable insights - Analyse appreciation and praise activity through reports - Reinforce long-term vision and goals - Enable and propagate your company valuesQuick setup | Team on-boarding guide | Testimonials | Tutorials1,000+ teams who use Karma for daily appreciation, recognition and rewards. 100,000+ happy customers, 1M+ karma sent to date. Notable clients: VMWare, Twitter, Expedia, Toyota, Capgemini, SalesforceIQ, Deloitte Digital, Nintendo, AMD Team, Washington Post, SignalCo, Smartsheet, Red Hat, Inc., Walmart, BuzzFeed, Dropbox, PwC ICC, Hi5 Studios, TLC.Karma Pro requires a paid subscription and comes with a 30-day free trial.
Karma will be able to view:
Karma will be able to do:
Review the details to better understand this app’s security practices. To learn more about assessing apps for your workspace visit our Help Center.
Our employees must protect our records, whether marked as confidential or not. Electronic records will be protected by passwords, firewalls and other security settings (both locally and in the cloud.) Employees are responsible for keeping these records intact. For example, if an employee shares a Google spreadsheet, they must decide whether to give colleagues permission to edit, view or comment. Employees should not grant editing privileges unless necessary. Also, when employees access electronic, confidential records outside of our offices, they should ensure that both their devices and networks are secure. They should not leave their screens and devices unattended while logged in to our company’s accounts. After the bot has been deleted and data retention period of 30 days has passed, we delete all Karma records related to the team that stopped using the bot completely and actively deleted it from its workspace. Such digital 'shredding' is done once a day automatically.
Data archiving and removal policy
Records may also be discarded upon request from a stakeholder. For example, a customer or partner may ask us to delete their information from our databases. In this case, managers should authorise employees to discard relevant records. We expect our employees to always respect our confidentiality policy. When files need to be discarded, employees must not create copies or store information on their devices. This may constitute a security breach and warrant disciplinary action. At any moment a customer with admin/owner rights and access to `Billing page > Danger zone` can reset and delete all data stored at Karma. This process is irreversible. All data related to deleted users gets anonymised. We keep Karma points, but completely anonymise the profile.
Data storage policy
Karma's product security team has built a robust secure development lifecycle, which primarily leverages GitLab CI/CD. All identified vulnerabilities are validated for accuracy, triaged, and tracked to resolution. All data transmitted between Karma clients and the Karma service ("Data in transit") is done so using strong encryption protocols. Karma supports the latest recommended secure cypher suites to encrypt all traffic in transit, including the use of TLS 1.3 protocols, AES256 encryption, and SHA2 signatures. We utilise CloudFlare to enhance encryption and security. Data at rest in Karma's production network uses the Advanced Encryption Standard (AES) algorithm to encrypt data at rest. AES is widely used because both AES256 and AES128 are recommended by the National Institute of Standards and Technology (NIST) for long-term storage use (as of November 2015), and AES is often included as part of customer compliance requirements. In addition to the storage system level encryption described above, in most cases data is also encrypted at the storage device level, with at least AES128 for hard disks (HDD) and AES256 for new solid state drives (SSD), using a separate device-level key (which is different than the key used to encrypt the data at the storage level). As older devices are replaced, solely AES256 will be used for device-level encryption. See the diagram at https://karmabot.readme.io/docs/karmabot-security-documentation
Data center location(s)
Data hosting details
The data is securely stored at AWS cloud and on DigitalOcean droplets.
Data hosting company
App/service has sub-processors
Certifications & compliance
Data deletion request procedure
When someone requests their personal data to be removed/anonymised/deleted we apply the following procedures (in order of priority): - Create a support ticket - Notify team admin/owner, a person who can confirm that the request is coming from the actual team member - When the identity is confirmed, Karma's employee securely anonymises/removes the relevant data - We notify the person who sent the original request and close the support ticket
While this app may offer HIPAA compliance, Slack does not have a business associate agreement with any third-party application providers, including those in the Slack App Directory, so you are responsible for validating the provider's compliance and executing an appropriate agreement before enabling.
Date of latest pen test
Executive summary is available to potential customers upon request
Supports Security Assertion Markup Language (SAML)
Has a dedicated security team
Contact for security issues
Has a vulnerability disclosure program
Has a bug bounty program
Requires third party authorization/connections
Third party services used by this app
Stripe, Google Analytics, Mixpanel, Crisp, Satismeter, Profitwell, Mailerlite.