Compliance
Kinde takes data privacy and security very seriously. We want you to trust us and our systems, which is why we engaged in external certification audits and conducted self-assessments against globally recognized privacy and security frameworks to ensure our technology infrastructure and your data are kept secure.
ISO 27001
Kinde holds a certificate of registration for ISO 27001:2022 and maintains an information security management system (ISMS) with a dedicated internal security team. Our public listing is available on the JASANZ certified organizations register and the IAF CertSearch register. Reach out to our team if a copy of our certificate is required.
ISO 27001 specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS within the context of the organization. The standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
Kinde is compliant with the GDPR and supports our customers by maintaining strict privacy principles as a Data Processor.
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation on information privacy. It came into effect on May 25, 2018 and places obligations on any company targeting or collecting data related to people in the EU. Its goal is to increase privacy protections for individuals and standardise data privacy laws across the various EU member countries.
More information about the GDPR and what Kinde does to comply with it can be found on our GDPR page.
HIPAA
Kinde is HIPAA compliant and supports our customers as a Business Associate. Reach out to our team if you need a Business Associate Agreement in place before working with us.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law on how to protect sensitive health information, known as Protected Health Information (PHI), which led to the creation of the Privacy Rule and Security Rule. It has since been updated with additional rules and supplemented by the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.
CAIQ v4
Kinde has completed a Consensus Assessments Initiative Questionnaire (CAIQ) from the Cloud Security Alliance and submitted it to their public STAR registry as a Level 1 self-assessment.
Founded in 2013 by the Cloud Security Alliance, the Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices.
Kinde has completed an MVSP self-assessment and implemented all recommended controls. Reach out to our team if you need to review our responses or have questions about specific controls.
Minimum Viable Secure Product (MVSP) is a list of essential application security controls that should be implemented in enterprise-ready products and services. The controls are designed to be simple to implement and provide a good foundation for building secure and resilient systems and services.