Security & Trust
Last reviewed:
This page describes how Kiantu protects your data — the system as it actually exists today, not a roadmap. When a control ships, this page is updated. For deeper technical detail or a security questionnaire, write to security@kiantu.com.
Encryption
- In transit. All traffic between clients and the API uses TLS 1.2+.
- At rest. Databases and backups are encrypted at the storage layer.
- Application-level PII encryption. Sensitive fields — like session intent text, notes, and email addresses — get a second layer: envelope encryption (AES-256-GCM) with per-workspace keys, wrapped by a master key held outside the database. A stolen database dump alone is not enough to read them.
- Blind indexes. Lookups over encrypted fields use blind indexes, so finding a record never requires bulk decryption.
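An illustration of the blind-index lookup described above, added here as an example and not Kiantu's own code. It assumes HMAC-SHA256 over a normalised email address with a per-workspace index key; the key derivation, table layout and all names are hypothetical, and the ciphertexts are placeholders standing in for AES-256-GCM output.

```python
import hashlib
import hmac
import unicodedata

MASTER_INDEX_KEY = bytes(range(32))  # constructed demo key; a real one lives outside the database

def derive_index_key(master_key: bytes, workspace_id: str, field: str) -> bytes:
    # Assumed derivation: HMAC-SHA256 as a PRF, giving one key per workspace and field.
    label = f"blind-index|{workspace_id}|{field}".encode()
    return hmac.new(master_key, label, hashlib.sha256).digest()

def blind_index(index_key: bytes, email: str) -> str:
    # Normalise first so "Alice@Example.com " and "alice@example.com" index identically.
    canonical = unicodedata.normalize("NFKC", email).strip().casefold()
    return hmac.new(index_key, canonical.encode(), hashlib.sha256).hexdigest()

class EncryptedTable:
    """Stand-in for a table whose rows hold only a blind index and an opaque ciphertext."""

    def __init__(self, master_key: bytes):
        self._master_key = master_key
        self.rows = []

    def insert(self, workspace_id: str, email: str, ciphertext: bytes) -> None:
        key = derive_index_key(self._master_key, workspace_id, "email")
        self.rows.append({"workspace_id": workspace_id,
                          "email_bidx": blind_index(key, email),
                          "email_ct": ciphertext})  # plaintext email is never stored

    def find_by_email(self, workspace_id: str, email: str) -> list:
        # Equality match on the index column; no row is decrypted to answer the query.
        want = blind_index(derive_index_key(self._master_key, workspace_id, "email"), email)
        return [r for r in self.rows
                if r["workspace_id"] == workspace_id
                and hmac.compare_digest(r["email_bidx"], want)]

def demo() -> EncryptedTable:
    table = EncryptedTable(MASTER_INDEX_KEY)
    # Constructed sample rows; ciphertexts are placeholders for AES-256-GCM output.
    table.insert("ws-a", "alice@example.com", b"<ciphertext-1>")
    table.insert("ws-a", "bob@example.com", b"<ciphertext-2>")
    table.insert("ws-b", "alice@example.com", b"<ciphertext-3>")
    return table

if __name__ == "__main__":
    hits = demo().find_by_email("ws-a", " Alice@Example.COM ")
    print([r["email_ct"] for r in hits])
```

A blind index is deterministic, so equal values inside one workspace share an index value, while the same address in two workspaces does not. Keeping the index key out of the database, like the master key, is what stops a dump from being matched against guessed addresses offline.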
Tenant isolation
Isolation is enforced by the database itself, not just application code: every tenant table carries row-level security, every request is pinned to exactly one workspace for the duration of its transaction, and no code path bypasses it — background jobs and health checks included.
Authentication
- Login. Email magic link, Google OAuth, GitHub OAuth, Microsoft OAuth.
- Sessions. Signed session tokens with rotating refresh tokens; sessions can be revoked server-side.
- Credentials. Login codes and links are delivered only via email — they are never exposed through any API response.
- Administrative access. All operator / backoffice access requires WebAuthn step-up for any privileged action.
- SSO & SCIM. On the enterprise roadmap.
Logging & audit
- Every change to customer data is attributed to the actor who made it — human or AI agent — and is auditable.
- A customer-visible audit-log UI and audit streaming to customer SIEMs are on the roadmap.
Data location
All workspaces are hosted in the United States today. EU residency is on the roadmap.
Backups & retention
Encrypted backups run daily with 30-day rolling retention, and point-in-time recovery is available within that window. Application-level retention policies are on the roadmap and not yet enforced — today, your data is retained until you delete it.
Access & least privilege
Production data access follows least privilege: the application runs with a restricted database role that cannot bypass row-level security, and any operator access to customer data is audited and gated behind WebAuthn step-up.
Compliance
- SOC 2. Type 2 audit not yet started. Targeting Type 1 readiness as a precursor to commercial launch.
- ISO 27001. Targeted; gap assessment not yet performed.
- GDPR. The product is built GDPR-first: PII encryption and blind indexes by design, attributable mutations, and support for account merge and deletion. Customer-controlled data export and deletion are on the near-term roadmap.
Reporting a vulnerability
Send a description and reproduction steps to security@kiantu.com. We do not currently run a paid bug bounty programme; we will publicly credit reporters who follow coordinated disclosure.
Sub-processors
See the sub-processor list for the third-party services we use and what each receives.