KinKeep is built for families managing sensitive caregiving information. We implement industry-standard protections at every layer.
All data encrypted in transit with TLS and at rest with AES-256-GCM. Passwords hashed with bcrypt (12 rounds) — we never store plaintext.
HTTP-only JWT cookies with 7-day expiry. Rate-limited endpoints. HSTS, CSP, X-Frame-Options, and nosniff headers on every response.
Hosted on Vercel with managed PostgreSQL. Our infrastructure providers maintain SOC 2 Type II compliance and undergo regular security audits.
Role-based permissions ensure caregivers only see profiles they're invited to. Full audit logging tracks every access and change.
Bank connections via Plaid use read-only tokens. We never store credentials. Tokens are revoked immediately on account deletion.
Account deletion triggers a hard delete after a 30-day grace period — Plaid tokens revoked, documents purged, audit logs anonymized.
Found something? We take every report seriously. If you discover a security issue, please disclose it responsibly and we'll respond promptly.
security@trykinkeep.com