Legal & PoliciesSecurity & Compliance
Trust

Security & Compliance

How Kira protects your data — our infrastructure, encryption, access controls, certifications, and the providers we rely on.

Effective June 1, 2026Last updated June 2026

Our approach to security

Security is built into how Kira is designed, not added at the end. We follow the principle of least privilege, encrypt data by default, monitor our systems continuously, and review our practices against recognized industry standards.

Infrastructure

Kira runs on Amazon Web Services (AWS) in data centers that maintain leading physical and environmental security controls. Production systems are isolated from development environments, and access to infrastructure is restricted, logged, and reviewed.

Encryption

  • Data in transit is encrypted using TLS 1.2 or higher.
  • Data at rest is encrypted using AES-256.
  • Secrets and keys are managed through a dedicated key management service with regular rotation.

Access controls

  • Single sign-on (SSO) and multi-factor authentication (MFA) are available on eligible plans.
  • Internal access to customer data is limited to staff who need it for support or operations and is logged.
  • Role-based access controls govern what each team member can see and do inside your workspace.

Certifications and frameworks

We align our program with widely recognized frameworks and pursue independent attestation as we scale.

FrameworkStatusScope
SOC 2 Type IIIn progressSecurity, availability, confidentiality
ISO/IEC 27001PlannedInformation security management
GDPRCompliantEU/EEA personal data
CCPA / CPRACompliantCalifornia consumer privacy
Note

Certification statuses above are illustrative placeholders. Update them to reflect your current attestations before publishing.

Sub-processors

We rely on a small set of vetted providers to deliver the service. Each is bound by data-processing terms consistent with our obligations to you.

ProviderServiceRegion
Amazon Web ServicesCloud infrastructure and storageUS / EU
StripePayment processingUS / EU
A model providerLarge language model inferenceUS
An email delivery providerTransactional emailUS

Vulnerability management

We scan our systems for vulnerabilities, patch on a risk-based schedule, and run periodic penetration tests. We welcome reports from security researchers through our Responsible Disclosure process.

Incident response

We maintain an incident-response plan and a 24/7 on-call rotation. If a security incident affects your data, we will notify you without undue delay and within the timeframes required by applicable law. Contact security@kira.ai for security questions.

Standards and references

Our security program is informed by the following recognized standards and authorities:

Frequently asked questions

Quick answers to common questions.

Data is stored on AWS infrastructure. Depending on your plan and region, you may be able to choose a US or EU storage region.

Yes. Data is encrypted in transit with TLS 1.2+ and at rest with AES-256.

Customers on eligible plans can request our security overview, sub-processor list, and applicable attestations by contacting security@kira.ai.

Please email security@kira.ai with details. We acknowledge reports promptly and will not pursue good-faith research conducted under our disclosure guidelines.