Kinvault & Security

How we keep your information safe

Security

Data Storage

We use Amazon Web Services (AWS) to store your data, which is considered the gold standard for secure data storage. All data is stored in UK-based datacenters, served over HTTPS / SSL and fully encrypted in transit and at rest, including all file uploads.

Encryption

We use a symmetric algorithm based on Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys, an industry standard for secure encryption.

Database access

Database access keys are secured in hardware security modules (HSMs), providing the same AES-256-GCM encryption with military-grade physical security.

Penetration tested

Our platform is regularly penetration tested via the Immuniweb platform, and we keep significant audit trails to record any changes to data.

Firewalling

All our front-end applications and APIs sit behind WAFs (Web Application Firewalls) to filter malicious traffic.

Browser security

We have strict CSP (Content Security Policy) and Strict-Transport-Security headers, and API access is restricted via CORS (Cross-Origin Resource Sharing). Kinvault is also on the HSTS preload list, so it cannot be served without HTTPS on modern browsers.

Multifactor Authentication

We have Multifactor Authentication (also known as MFA or 2FA) in place, allowing for TOTP (via an authenticator app on your phone) or SMS/Email as a backup.

Identity checks

Accessing your confidential data after your death requires an identity check and a valid death certificate, unless you’ve explicitly told us to release information earlier.

Permissions

We never share any of your data with third parties without your express permission. All data changes are fully logged.