Security & Privacy at Kindly

You can trust us with your data — we take that seriously. Kindly is built with privacy, security, and compliance in mind, across our platform, infrastructure and internal operations.
Discover a fully customisable Conversational AI that integrates with any platform
Kindly is an immersive Conversational AI that transforms digital engagement into humanlike interactions between your brand and your shoppers. Our platform is powered by machine learning technology, and it fully integrates into diverse platforms like Slack, MailChimp, Facebook Messenger, Giphy, Zendesk, and more.
Certified according to the ISO/IEC 27001:2022 standard, ensuring rigorous security controls are in place to protect your data.
You retain full ownership and control over your data, configurable directly within our platform.
Our platform is built by developers trained in OWASP principles and best practices for secure coding.
We are committed to building responsible, transparent AI in line with the EU AI Act requirements.

Web Application Security Features
Kindly’s web application is built with security at its core, enabling customers to control access, protect data, and detect misuse. Security controls are embedded into the application architecture and continuously improved.

Our web application security includes:
  • Role-Based Access Control (RBAC): Fine-grained access control at organization and workspace level, supporting both predefined and custom roles.
  • Single Sign-On (SSO): SSO integration with identity providers like Microsoft Entra ID and Google to centralize and secure authentication.
  • Multi-Factor Authentication (MFA): MFA support is available for all customer users via OTP or SSO.
  • Strong password policy: Passwords must meet strict complexity requirements. No default or temporary passwords are used.
  • Brute-force protection: Login attempts are rate-limited.
  • Automatic data masking: Sensitive data (e.g. emails, SSNs) can be automatically anonymized or masked using configurable filters.
  • Audit logs: All critical actions are logged with user ID, timestamp, action type, and affected objects. Audit logs are immutable and searchable.
  • Session security: Sessions are managed securely with appropriate expiration, token rotation, and protection against session hijacking.

Technical Security
Kindly’s infrastructure is designed for resilience, scalability, and security. We apply a layered approach to protect our systems and your data at every level — in line with ISO 27001 requirements and cloud security best practices. The data is securely stored in EU data centers.

Our infrastructure security includes:
  • Autoscaling: Core services scale automatically to maintain performance and availability under load.
  • Audit logging: All infrastructure access and changes are logged and stored securely for traceability and compliance.
  • Patch management: Systems are regularly updated with critical security patches and monitored for vulnerabilities.
  • Secrets management: Sensitive credentials and tokens are stored securely using managed secret stores with strict access controls.
  • Vulnerability scanning: Automated scans are regularly performed to identify known security issues across systems and dependencies.
  • Penetration testing: Independent penetration tests are conducted on a regular basis to uncover and address potential vulnerabilities.
  • Data encryption in transit and at rest: All data is encrypted using industry standards (TLS 1.2+ for data in transit, AES-256 for data at rest).
  • Secure password storage: Passwords are hashed using PBKDF2 with HMAC-SHA256 and unique salts.
  • System hardening: Components are hardened based on security benchmarks.
  • Logging and monitoring: Infrastructure events are logged and monitored continuously.
  • Threat detection: Services are run to help detect anomalies and threats in real time.
  • Role-Based Access Control (RBAC): Access to infrastructure components is tightly controlled, role-scoped, and reviewed regularly.
  • Backups: Point-in-time recovery backups are maintained with automatic integrity checks and encrypted storage.
  • DDoS protection: Protection against volumetric and application-layer attacks.
  • Redundant architecture: Services are deployed across multiple data centers with failover mechanisms in place.

Organizational Security
Kindly operates under an ISO 27001-certified Information Security Management System (ISMS), with structured controls to secure our people, processes, and infrastructure.

Our organizational security includes:
  • Screening & training: Background checks and annual security awareness training for all employees.
  • Access & policy controls: Role-based access, MFA on production systems, and enforced internal security and acceptable use policies.
  • Device & asset protection: All company devices are configured according to security best practices and monitored.
  • Secure operations & communication: Operational changes follow strict workflows with audit logging. Internal communication tools are secured with encryption and access control.
  • Development & cryptographic security: Secure coding practices, automated testing, and strong encryption are in place across environments.
  • Physical security: Access to office spaces and production infrastructure is restricted, logged, and monitored. Data centers meet high physical security standards.
  • Incident & risk management: Defined processes for detecting, handling, and escalating incidents. Risk and vendor assessments are performed regularly.
  • Audits & monitoring: Ongoing internal audits and annual external certification ensure effectiveness of all security controls.
  • Continuity & recovery: We maintain tested business continuity and disaster recovery plans, including backup, failover, and restoration procedures.