Secure by default

Keeping you and your customers protected

Security is the center of everything we build and do – so we make sure our processes and systems are designed to protect our users

Serious about security

We start with our own

We employ a robust process with code and dependencies scanned for security vulnerabilities.

Our team all use multi-factor authentication and access is limited to what they need for their job role.

Vulnerability management

Production services are deployed through CICD pipeline using container technology. Server builds are done at least once a week and replace the existing servers.

All container images are scanned at build. External production URLs and any public facing cloud IP addresses are scanned weekly for vulnerabilities. All vulnerability reports are triaged, analysed, and assigned based on vulnerability management SLAs.

High availability

Production services are designed to be resistant to failure with multiple frontend servers and replicated backend databases.

Currently, all frontend and backend services are run from the AWS Sydney and Oregon regions across multiple availability zones for redundancy.

Take a deeper look at our security policy and documentation

The highest levels of compliance

We take data security incredibly seriously. We want you to trust us and our systems, which is why we’ve sought external certification to ensure our technology infrastructure and your data is kept secure.

ISO 27001

Kinde holds a certificate of registration for ISO 27001 and maintains an information security management system (ISMS) with a dedicated internal security team.


Kinde has completed a SOC 2 Type 1 with report and attestation from AssuranceLab. Reach out to our team if a copy of our report is required.


Kinde is HIPAA compliant and supports our customers as a Business Associate. For Enterprise customers, our team can ensure a Business Associate Agreement is in place before work begins.


Kinde is compliant with the GDPR and supports our customers by maintaining strict privacy principles as a Data Processor.

Learn more about our compliance certifications

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law on how to protect sensitive health information, known as Protected Health Information (PHI), which led to the creation of the Privacy Rule and Security Rule. It has since been updated with additional rules and supplemented by the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.

Secure by protocol

We believe in leveraging standards and protocols to help create consistency, protection and trust. Kinde is built from the ground up using the best in class security protocols

OAuth 2.0

We work well with everyone else and keep everyone’s information safe.

TLS 1.2+

Data is kept private and integrity is retained.


We prevent cross site forgery attacks on your information.


Brings together DKIM and SPF to make sure our email is safe and can't be faked.


Authenticates DNS requests and prevent attacks.


We employ a strict CSP policy for referenced, inline scripts, and referenced CSS.

Privacy protection to the max

We’ve done everything to make sure that you don’t have to worry about the privacy of your data when it’s in our care.

Private by design

It’s simple. You always own your data and we will never sell it to third parties. Period.

Manage users

You have the ability to grant, edit and revoke access to your team and to the organizations using your product.

SSO support

We support a variety of social SSO providers as well as custom providers. Which means your customers can keep their data in places they already know and trust.

Encryption in-transit and at-rest

Our systems are designed for encryption at rest using AES256 and in transit with a minimum of TLS 1.2.

Take a deeper look at our privacy policy

Report a security vulnerability

If you have detected a security threat or vulnerability against Kinde systems or personnel, please reach out to your account manager or

Learn more about reporting security vulnerabilities