Kiantu

Security & Trust

Last reviewed:

This page describes how Kiantu protects your data — the system as it actually exists today, not a roadmap. When a control ships, this page is updated. For deeper technical detail or a security questionnaire, write to security@kiantu.com.

Encryption

Tenant isolation

Isolation is enforced by the database itself, not just application code: every tenant table carries row-level security, every request is pinned to exactly one workspace for the duration of its transaction, and no code path bypasses it — background jobs and health checks included.

Authentication

Logging & audit

Data location

All workspaces are hosted in the United States today. EU residency is on the roadmap.

Backups & retention

Encrypted backups run daily with 30-day rolling retention, and point-in-time recovery is available within that window. Application-level retention policies are on the roadmap and not yet enforced — today, your data is retained until you delete it.

Access & least privilege

Production data access follows least privilege: the application runs with a restricted database role that cannot bypass row-level security, and any operator access to customer data is audited and gated behind WebAuthn step-up.
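
One way the controls described under Tenant isolation and Access & least privilege can be built, shown as an added example that is not Kiantu's own code or schema. It assumes PostgreSQL (the page does not name the database); the role app_rw, the table documents, the setting app.workspace_id and the sample UUID are all hypothetical.

```sql
-- Assumption: PostgreSQL. Every role, table and setting name here is hypothetical.
CREATE ROLE app_rw NOLOGIN NOSUPERUSER NOBYPASSRLS;   -- restricted application role

CREATE TABLE documents (
    id           bigserial PRIMARY KEY,
    workspace_id uuid NOT NULL,
    title        text NOT NULL
);
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;       -- the table owner is filtered too

-- NULLIF covers both "never set" (NULL) and "reset after a transaction" (empty
-- string): the predicate is then NULL and the policy admits no rows.
CREATE POLICY workspace_isolation ON documents
    USING      (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid)
    WITH CHECK (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid);

GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_rw;
GRANT USAGE ON SEQUENCE documents_id_seq TO app_rw;

-- One request = one transaction pinned to one workspace (constructed sample UUID).
BEGIN;
SET LOCAL ROLE app_rw;
SELECT set_config('app.workspace_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO documents (workspace_id, title)
VALUES ('11111111-1111-1111-1111-111111111111', 'constructed sample row');
SELECT id, title FROM documents;                      -- filtered by the policy
COMMIT;                                               -- the pin ends with the transaction

-- Audit 1: tables that carry a workspace_id column but lack enforced RLS.
SELECT c.relname
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_attribute a ON a.attrelid = c.oid
                   AND a.attname = 'workspace_id' AND NOT a.attisdropped
WHERE c.relkind IN ('r', 'p') AND n.nspname = 'public'
  AND NOT (c.relrowsecurity AND c.relforcerowsecurity);

-- Audit 2: confirm the application role cannot bypass RLS.
SELECT rolname, rolsuper, rolbypassrls FROM pg_roles WHERE rolname = 'app_rw';
```

The two audit queries are the checks a reviewer can ask for when assessing claims of this kind: the first should list no tables, and the second should show both flags false.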

Compliance

Reporting a vulnerability

Send a description and reproduction steps to security@kiantu.com. We do not currently run a paid bug bounty programme; we will publicly credit reporters who follow coordinated disclosure.

Sub-processors

See the sub-processor list for the third-party services we use and what each receives.