Security Page
Kahi is serious about security and protecting the privacy of your data. We make it a part of our core development and operating procedures to adopt best-practice industry standards to maintain that stance.
Security and Compliance Frameworks
- SOC 2 Type II
- Kahi maintains a SOC2 Type II attestation and monitors on-going compliance with Vanta. Our Trust Center is available for review to all customers.
- PCI-DSS
- Kahi adheres to PCI-DSS requirements for all financial transactions by leveraging Stripe as a trusted partner to protect your payment instruments.
Product Security
- Penetration testing
- Kahi conducts annual third-party penetration testing. Our current partner FwdSec is a well-respected authority in the field.
- Vulnerability Scanning
- Kahi conducts Vulnerability scanning as matter-of-course in our SLDC.
Data Protection
- Data at Rest
- All data stored in Kahi’s platform databases is encrypted at rest. This means that stored data is protected from unauthorized access.
- Data in Transit
- Kahi uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. This reduces the potential for surface attacks when using our platform on public networks.
Enterprise Security
- Endpoint Security
- All Kahi employees and contractors have mobile device management software and anti-malware protection. This mechanism ensures that security updates are applied and that screen lock is enforced after periods of inactivity
- Security Education
- All Kahi team members take regular security training and are tested with various phishing exercises. Good security hygiene is practiced by leveraging 1Password for unique credential generation, 2FA management and compromise notification for supporting services.
- Vendor Security
- Kahi uses a risk-based approach to vendor security. Considerations include: limiting access to corporate and customer data, integration with production systems and risks to the Kahi brand.