We use Amazon Web Services (AWS) to store your data, which is considered the gold-standard for secure data storage. All our data is stored in UK-based datacenters (served over HTTPS / SSL).
All data is fully encrypted, both when it’s uploaded and when it’s at rest in your Kinvault. This includes the content of any files you upload. We use the industry standard for secure encryption (a symmetric algorithm based on Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys).
Access to our database uses encryption comparable with physical military grade security. Database access keys are secured in hardware security modules (HSMs) providing AES-256-GCM encryption.
Our platform is regularly penetration tested by a third party using the Immuniweb platform. We have significant audit trailing to preserve any changes to data.
Robust web application firewalls (WAFs) are in place to protect our front-end applications and APIs to prevent malicious traffic from entering our platform.
We have strict CSP (Content Security Policy), strict-transport-security headers, and API Access is restricted via CORS (Cross Origin Resource Sharing). Kinvault is also on the HSTS preload list, so can not be served without HTTPS on modern browsers.
Multifactor authentication (MFA or 2FA) is used to access your Kinvault, which means you’ll be asked for at least two different forms of verification when you log on. We use a time-based one-time password (TOTP) via an app on your phone, with back up via a text message or email.
Accessing your confidential data after your death requires an identity check and a valid notice of death or death certificate, unless you’ve specifically told us to release information earlier.
We never share any of your data with 3rd parties without your express permission, and you can specify how you’d want us to act if an attorney or executor requests information. Data changes are fully logged.