Secure by default
Keeping you and your customers protected
Security is at the center of everything we build and do – so we make sure our processes and systems are designed to protect our users.
Serious about security
We start with our own
We employ a robust process with code and dependencies scanned for security vulnerabilities.
Our team all use multi-factor authentication and access is limited to what they need for their job role.
Vulnerability management
Production services are deployed through a CI/CD pipeline using container technology. Server builds are done at least once a week and replace the existing servers.
All container images are scanned at build. External production URLs and any public-facing cloud IP addresses are scanned weekly for vulnerabilities. All vulnerability reports are triaged, analysed, and assigned based on vulnerability management SLAs.
High availability
Production services are designed to be resistant to failure with multiple frontend servers and replicated backend databases.
Currently, all frontend and backend services are run from the AWS Sydney and Oregon regions across multiple availability zones for redundancy.
Take a deeper look at our security policy and documentation
The highest levels of compliance
We take data security incredibly seriously. We want you to trust us and our systems, which is why we’ve sought external certification to ensure our technology infrastructure and your data are kept secure.
ISO 27001
Kinde holds a certificate of registration for ISO 27001 and maintains an information security management system (ISMS) with a dedicated internal security team.
SOC 2
Kinde has completed a SOC 2 Type 2 with report and attestation from AssuranceLab. Reach out to our team if a copy of our report is required.
HIPAA
Kinde is HIPAA compliant and supports our customers as a Business Associate. For Enterprise customers, our team can ensure a Business Associate Agreement is in place before work begins.
GDPR
Kinde is compliant with the GDPR and supports our customers by maintaining strict privacy principles as a Data Processor.
Learn more about our compliance certifications
Secure by protocol
We believe in leveraging standards and protocols to help create consistency, protection and trust. Kinde is built from the ground up using best-in-class security protocols.
OAuth 2.0
We work well with everyone else and keep everyone’s information safe.
TLS 1.2+
Data is kept private and integrity is retained.
CSRF
We prevent cross-site request forgery attacks on your information.
DMARC
Brings together DKIM and SPF to make sure our email is safe and can't be faked.
DNSSEC
Authenticates DNS requests and prevents attacks.
CSP
We employ a strict CSP policy for referenced and inline scripts and for referenced CSS.
Privacy protection to the max
We’ve done everything to make sure that you don’t have to worry about the privacy of your data when it’s in our care.
Private by design
It’s simple. You always own your data and we will never sell it to third parties. Period.
Manage users
You have the ability to grant, edit and revoke access to your team and to the organizations using your product.
SSO support
We support a variety of social SSO providers as well as custom providers, which means your customers can keep their data in places they already know and trust.
Encryption in-transit and at-rest
Our systems are designed for encryption at rest using AES-256 and in transit with a minimum of TLS 1.2.
Take a deeper look at our privacy policy