Protecting your data our passion
Managing customer data securely is something the Kindly team is truly passionate about. We believe customer trust is something that must be earned every day. To do that we do more than just check boxes but have this promise ingrained into how we build, operate, and manage our systems, as well as processes that put the safety of customer data first.
With the EU General Data Protection Regulation (GDPR) becoming effective on May 25 2018, we have worked to update our policies and practices to align with the new GDPR requirements and principles and ensure a level of security appropriate to the risks as required by GDPR Article 32.
Culture of Security
We've been security minded since day one, putting security first in every step of the development lifecycle. Our entire Kindly product team has been through security training and holds one another's work accountable through regular code reviews, penetration tests, and vulnerability scans.
Kindly is a native cloud application and uses AWS infrastructure. AWS has been accredited under several programs including below:
Kindly keeps data logically separated and tags data by organization throughout the lifecycle. No data is transmitted to Kindly without encryption.
Kindly is hosted on AWS who provides robust physical data center security and environmental controls. Kindly’s corporate office requires badge access for entry, maintains video surveillance, and requires all visitors to sign in and be accompanied when present.
See more about AWS Physical Security here.
Kindly controls access to our production networks through the use of strictly defined rules such as firewalls and requires multi factor authentication where appropriate and encrypted connections. We also utilize logging and email filtering to identify potential security threats.
Our infrastructure is hosted in AWS. See AWS Network Architecture details.
Kindly employs both internal and external testing of our product. We regularly scan source code and systems for vulnerabilities and perform necessary patching and updates based on those results.
Training and Awareness
Kindly requires all employees and contractors to sign a confidentiality agreement prior to commencement. During the on-boarding process, security awareness training is delivered to all new hires and we continually publicize security alerts through our internal communication channels.
Backup and Disaster Recovery
Kindly consistently backups data for the unlikely event of environment failure. All backups are encrypted and stored on AWS.
Kindly encrypts data in transit and at rest on our servers utilizing recognized encryption protocols SSL/TLS for in transit communication channels.
Security Hall of Fame
Thank you to security researchers who have helped us find problems. Please reach out to us with comments and vulnerability reports: [email protected]