Security Page

Kahi is serious about security and protecting the privacy of your data. We make it a part of our core development and operating procedures to adopt best-practice industry standards to maintain that stance.

Security and Compliance Frameworks


SOC 2 Type II

Kahi maintains a SOC 2 Type II attestation and monitors ongoing compliance with Vanta. Our Trust Center is available for review to all customers.

PCI-DSS

Kahi adheres to PCI-DSS requirements for all financial transactions by leveraging Stripe as a trusted partner to protect your payment instruments.

Data Protection

Data at Rest

All data stored in Kahi’s platform databases is encrypted at rest. This means that stored data is protected from unauthorized access.

Data in Transit

Kahi uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. This reduces the attack surface when using our platform on public networks.


Product Security

Penetration testing

Kahi conducts annual third-party penetration testing. Our current partner, FwdSec, is a well-respected authority in the field.

Vulnerability Scanning

Kahi conducts vulnerability scanning as a matter of course in our SDLC.

Enterprise Security


Endpoint Security

All Kahi employees and contractors have mobile device management software and anti-malware protection. This mechanism ensures that security updates are applied and that screen lock is enforced after periods of inactivity.

Security Education

All Kahi team members take regular security training and are tested with various phishing exercises. Good security hygiene is practiced by leveraging 1Password for unique credential generation, 2FA management and compromise notification for supporting services.

Vendor Security

Kahi uses a risk-based approach to vendor security. Considerations include: limiting access to corporate and customer data, integration with production systems and risks to the Kahi brand.