Secure by default
Keeping you and your customers protected
Security is the center of everything we build and do – so we make sure our processes and systems are designed to protect our users.
Serious about security
We start with our own
We employ a robust process with code and dependencies scanned for security vulnerabilities.
Our team all use multi-factor authentication and access is limited to what they need for their job role.
Production services are deployed through a CI/CD pipeline using container technology. Server builds are done at least once a week and replace the existing servers.
All container images are scanned at build. External production URLs and any public facing cloud IP addresses are scanned weekly for vulnerabilities. All vulnerability reports are triaged, analysed, and assigned based on vulnerability management SLAs.
Production services are designed to be resistant to failure with multiple frontend servers and replicated backend databases.
Currently, all frontend and backend services are run from the AWS Sydney and Oregon regions across multiple availability zones for redundancy.
Take a deeper look at our security policy and documentation
We take data security incredibly seriously. We want you to trust us and our systems, which is why we’ve sought external certification to ensure our technology infrastructure and your data are kept secure.
Learn more about our compliance certifications
Kinde holds a certificate of registration for ISO 27001 and maintains an information security management system (ISMS) with a dedicated internal security team.
Kinde has completed a Consensus Assessments Initiative Questionnaire (CAIQ) from the Cloud Security Alliance and submitted it to their public STAR registry as a Level 1 self-assessment.
Secure by protocol
We believe in leveraging standards and protocols to help create consistency, protection and trust. Kinde is built from the ground up using best-in-class security protocols.
We work well with everyone else and keep everyone’s information safe.
Data is kept private and integrity is retained.
We prevent cross-site request forgery attacks on your information.
Brings together DKIM and SPF to make sure our email is safe and can't be faked.
Authenticates DNS requests and prevents attacks.
We employ a strict CSP policy for referenced and inline scripts, and referenced CSS.
Privacy protection to the max
We’ve done everything to make sure that you don’t have to worry about the privacy of your data when it’s in our care.
Private by design
It’s simple. You always own your data and we will never sell it to third parties. Period.
You have the ability to grant, edit and revoke access to your team and to the organizations using your product.
We support a variety of social SSO providers as well as custom providers, which means your customers can keep their data in places they already know and trust.
Encryption in-transit and at-rest
Our systems are designed for encryption at rest using AES256 and in transit with a minimum of TLS 1.2.