CompanyKira Security
Trust

Kira Security

A plain-language overview of how Kira protects your data — encryption, access control, monitoring, certifications, and responsible disclosure — with links to the full details.

Security at Kira

Security is built into how Kira is designed and operated. We encrypt your data, restrict and log access, monitor our systems continuously, and review our practices against recognized industry standards.

Full details

This page is a summary. The complete technical detail, certifications, and sub-processor list live on our Security & Compliance page in the legal section.

Highlights

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Least-privilege access with SSO and MFA on eligible plans.
  • Continuous monitoring, logging, and a tested incident-response plan.
  • A privacy-first default: we do not train models on your content unless you opt in.
  • Regular vulnerability scanning and periodic penetration testing.

How we protect your data

LayerWhat we do
EncryptionTLS 1.2+ in transit; AES-256 at rest; managed keys with rotation.
AccessLeast-privilege, role-based access; SSO and MFA; access is logged.
InfrastructureRuns on AWS with isolated production environments.
MonitoringContinuous logging, alerting, and 24/7 on-call response.
Data useNo model training on your content unless you opt in.

Certifications and frameworks

FrameworkStatusScope
SOC 2 Type IIIn progressSecurity, availability, confidentiality
ISO/IEC 27001PlannedInformation security management
GDPRCompliantEU/EEA personal data
CCPA / CPRACompliantCalifornia consumer privacy

Sub-processors and data residency

We rely on a small set of vetted providers, each bound by data-protection terms. The current list, along with regional data-residency options, is maintained on the Security & Compliance page.

Responsible disclosure

We welcome reports from security researchers. If you believe you have found a vulnerability, email security@kira.ai. We acknowledge reports promptly and will not pursue good-faith research conducted under our guidelines.

Standards and references

Frequently asked questions

Quick answers to common questions.

Eligible customers can request our security overview, sub-processor list, attestations, and DPA by emailing security@kira.ai.

No. We do not train models on your content unless you opt in, and never on business customer content.

Email security@kira.ai with details. We acknowledge promptly and protect good-faith research conducted under our guidelines.

Depending on your plan and region, US or EU data residency may be available. See the Security & Compliance page for current options.