We use Amazon Web Services (AWS) to store your data, which is considered the gold standard for secure data storage. All data is stored in UK-based datacenters, served over HTTPS / SSL and fully encrypted in transit and at rest, including all file uploads.
We use a symmetric algorithm based on Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys, an industry standard for secure encryption.
Database access keys are secured in hardware security modules (HSMs) providing the same AES-256-GCM encryption with military-grade physical security.
Our platform is regularly penetration tested via the Immuniweb platform, and we keep significant audit trails that preserve any changes to data.
All our front-end applications and APIs sit behind WAFs (Web Application Firewalls) to filter malicious traffic.
We have strict CSP (Content Security Policy) and Strict-Transport-Security headers, and API access is restricted via CORS (Cross-Origin Resource Sharing). Kinvault is also on the HSTS preload list, so it cannot be served without HTTPS on modern browsers.
We have Multifactor Authentication (also known as MFA or 2FA) in place, allowing for TOTP (via an authenticator app on your phone) or SMS/Email as a backup.
Accessing your confidential data after your death requires an identity check and a valid death certificate, unless you’ve explicitly told us to release information earlier.
We never share any of your data with third parties without your express permission. All data changes are fully logged.