Security Portal
Autonomous API testing that replaces manual scripts, brittle automation, and fragmented tools.
Compliance


For the most up-to-date compliance reports, please contact security@kusho.ai
Product Security
Secure software development lifecycle (SDLC) with regular security reviews
Automated and manual security testing, including static and dynamic analysis
Regular penetration testing by third-party security firms
Protection against common web vulnerabilities (OWASP Top 10, etc.)
Secure authentication and authorization mechanisms (OAuth, SSO)
Role-based access control (RBAC) for fine-grained permissions
End-to-end encryption for data in transit and at rest
Data Security
Data encryption: AES-256 for storage, TLS 1.2+ for transmission
Data integrity monitoring and anomaly detection
Regular data backups with encrypted storage and disaster recovery plans
Granular data access policies with audit logs
Data classification and handling policies based on sensitivity levels
Protection against unauthorized data modifications or deletions
Legal
Compliance with SOC 2 Type II and ISO 27001
Terms of Service and Acceptable Use Policy enforcement
Data Processing Agreements (DPA) available for customers
Subprocessor transparency and vendor security assessments
Incident response and breach notification policies
Legal obligations for data retention and deletion
Data Privacy
No unnecessary collection of personal data; minimal data retention
User-controlled data deletion and anonymization options
Privacy-by-design approach in all features and services
Transparent data usage policies and user consent mechanisms
Access Control
Role-based access control (RBAC) with least privilege principles
Just-in-time (JIT) access provisioning for sensitive operations
Secure access logging and real-time monitoring
Strict access controls for production environments
Infrastructure
Hosted on AWS in the eu-north-1 region with high availability
Network security measures: firewalls, DDoS protection, IDS/IPS
Regular vulnerability assessments and patch management
Cloud security best practices and least-privilege access for cloud resources
Corporate Security
Employee security awareness training and phishing simulations
Background checks and security screening for employees
Strict policies for handling customer data and internal access controls
Secure internal communication tools and encrypted messaging

