Trust

Security & Trust

This page is maintained by Kyrovo to answer common security and privacy questions about the Kyrovo service. It describes the controls we actively operate today. It is not an audit or certification.

Available in 8 languages via the language switcher (top-right). The English version is authoritative.

SOC 2 Type 1 readiness: Kyrovo is preparing for a SOC 2 Type 1 examination against the AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy). The controls below describe our current operating practice. We are not currently SOC 2 certified. When the examination completes we will link the auditor's report here.

Security

  • TLS 1.3 in transit; AES-256 encryption at rest via managed Postgres
  • Row-Level Security enforced on every user-data table (scoped to auth.uid())
  • Secrets stored in the managed secret store; never in source, never in logs
  • Cloudflare WAF + rate limiting on the public edge
  • 2FA required on all Kyrovo staff accounts that can access production

Availability

  • Multi-AZ managed Postgres with automatic failover
  • Daily encrypted backups; 7-day point-in-time recovery
  • Cloudflare edge caching for static assets and marketing pages
  • Publicly measured uptime target: 99.9% monthly for the core check-in flow

Processing integrity

  • All user input validated with typed schemas (Zod) on both client and server
  • Deterministic scoring: identical inputs always produce identical scores
  • AI-generated plan drafts are rendered from server-side templates using only numeric scores
  • Payment reconciliation cross-checks Stripe webhook events against database state

Confidentiality

  • Least-privilege access: production data is read only through auditable admin flows
  • Kyrovo staff never see individual check-in answers; only aggregated telemetry
  • AI Gateway receives no identifiers — no name, email, employer, or free-text
  • Sub-processor data flows documented at /subprocessors

Change management

  • Every code change reviewed and merged via pull request; no direct writes to production
  • Automated build, typecheck, and dependency-vulnerability scan on every deploy
  • Database migrations version-controlled and applied through a single reviewed pipeline
  • Roll-forward strategy with the ability to redeploy the previous build within minutes

Incident response

  • On-call engineer notified for production errors and auth anomalies
  • Documented runbooks for: data-access incident, sub-processor compromise, payment fraud
  • GDPR-compliant notification: personal-data breach reported to the relevant DPA within 72 hours
  • Users notified without undue delay when a breach is likely to affect their rights

Vendor security

Every sub-processor Kyrovo relies on is reviewed for SOC 2 / ISO 27001 posture before onboarding and re-reviewed annually. The full list lives at /subprocessors and any change is announced at least 30 days in advance.

Responsible disclosure

If you believe you have found a security vulnerability in Kyrovo, please report it privately to security@getkyrovo.com. We commit to acknowledge your report within 2 business days and to work with you on coordinated disclosure. We do not initiate legal action against good-faith researchers who follow this policy.

Contact