Secure by default

Keeping you and your customers protected

Security is the center of everything we build and do – so we make sure our processes and systems are designed to protect our users


Serious about security

We start with our own

We employ a robust process with code and dependencies scanned for security vulnerabilities.

Our team all use multi-factor authentication and access is limited to what they need for their job role.

Vulnerability management

Production services are deployed through CICD pipeline using container technology. Server builds are done at least once a week and replace the existing servers.

All container images are scanned at build. External production URLs and any public facing cloud IP addresses are scanned weekly for vulnerabilities. All vulnerability reports are triaged, analysed, and assigned based on vulnerability management SLAs.

High availability

Production services are designed to be resistant to failure with multiple frontend servers and replicated backend databases.

Currently, all frontend and backend services are run from the AWS Sydney and Oregon regions across multiple availability zones for redundancy.

Take a deeper look at our security policy and documentation


Compliance matters

We take data security incredibly seriously. We want you to trust us and our systems, which is why we’ve sought external certification to ensure our technology infrastructure and your data is kept secure.

Learn more about our compliance certifications

ISO 27001

Kinde holds a certificate of registration for ISO 27001 and maintains an information security management system (ISMS) with a dedicated internal security team.


CAIQ v4

Kinde has completed a Consensus Assessments Initiative Questionnaire (CAIQ) from the Cloud Security Alliance and submitted to their public STAR registry as a Level 1 self-assessment.


Secure by protocol

We believe in leveraging standards and protocols to help create consistency, protection and trust. Kinde is built from the ground up using the best in class security protocols

OAuth 2.0

We work well with everyone else and keep everyone’s information safe.

TLS 1.2+

Data is kept private and integrity is retained.

CSRF

We prevent cross site forgery attacks on your information.

DMARC

Brings together DKIM and SPF to make sure our email is safe and can't be faked.

DNSSEC

Authenticates DNS requests and prevent attacks.

CSP

We employ a strict CSP policy for referenced, inline scripts, and referenced CSS.


Privacy protection to the max

We’ve done everything to make sure that you don’t have to worry about the privacy of your data when it’s in our care.

Private by design

It’s simple. You always own your data and we will never sell it to third parties. Period.

Manage users

You have the ability to grant, edit and revoke access to your team and to the organizations using your product.

SSO support

We support a variety of social SSO providers as well as custom providers. Which means your customers can keep their data in places they already know and trust.

Encryption in-transit and at-rest

Our systems are designed for encryption at rest using AES256 and in transit with a minimum of TLS 1.2.

Take a deeper look at our privacy policy


Report a security vulnerability

If you have detected a security threat or vulnerability against Kinde systems or personnel, please reach out to your account manager or security@kinde.com

Learn more about reporting security vulnerabilities