Mum and son looking at a glowing phone screen while camping

Serious about security

The center of everything that we build and do.

Our processes and systems are designed to protect our users.

  • Secure development

    A robust process with code and dependencies scanned for security vulnerabilities.

  • Vulnerability management

    Our public endpoints are regularly scanned using state of the art technologies.

  • Data security

    Our team all use multi-factor authentication and access is limited to what they need for their job role.

  • Availability

    Kinde production services are designed to be resistant to failure.

Compliance matters

We take data security incredibly seriously. We want you to trust us and our systems, which is why we’ve sought external certification to ensure our technology infrastructure and your data is kept secure.

Learn more about our compliance certifications

ISO 27001

Kinde holds a certificate of registration for ISO 27001 and maintains an information security management system (ISMS) with a dedicated internal security team.


Kinde has completed a Consensus Assessments Initiative Questionnaire (CAIQ) from the Cloud Security Alliance and submitted to their public STAR registry as a Level 1 self-assessment.

Secure by default

Built from the ground up using the best in class security protocols available today.

OAuth 2.0

We work well with everyone else and keep everyone’s information safe.

TLS 1.2+

Data is kept private and integrity is retained.


We prevent cross site forgery attacks on your information.


Brings together DKIM and SPF to make sure our email is safe and can't be faked.


Authenticates DNS requests and prevent attacks.


We employ a strict CSP policy for referenced, inline scripts, and referenced CSS.

Security features

We’re committed to ensuring the security, reliability and privacy of our product.

  • Private by design

    You own your data and we will never sell it to third parties.

  • Manage users

    Have the ability to give, edit and revoke access (focus on organizations)

  • SSO support

    We support a variety of social SSO providers as well as custom providers.

  • Encryption in-transit and at-rest

    Our systems are designed for encryption at rest using AES256 and in transit with a minimum of TLS 1.2.

Report a security vulnerability

If you have detected a security threat or vulnerability against Kinde systems or personnel, please reach out to your account manager or

Read more about reporting security vulnerabilities