Security

Your data is not our product.

Kaypo is built on enterprise-grade infrastructure with security controls at every layer.

Built on infrastructure you already trust

Supabase

Database & Authentication

PostgreSQL on Supabase with row-level security enforced at the database layer. Every query is scoped to your organization. No shared tables between customers.

Vercel

Hosting & Edge Network

Deployed on Vercel's global edge network with automatic TLS/SSL, DDoS protection, and 99.99% uptime SLA from the underlying infrastructure.

AWS

Underlying Cloud

Supabase and Vercel both run on AWS infrastructure in US-East regions. Data residency in the United States.

Data protection practices

All data encrypted in transit via TLS 1.2+
All data encrypted at rest via AES-256
Row-level security on every database table
Service role keys never exposed to the browser
Separate credentials per environment (dev/staging/prod)
No plaintext passwords stored — bcrypt via Supabase Auth
API keys stored as environment variables, never in code

Access controls

Kaypo uses a role-based access system. Every user belongs to exactly one organization. Cross-organization data access is structurally impossible — enforced at the database level, not the application level.

Roles: Admin, Conductor, Manager, Member. Each role has explicit permissions. Admins can invite team members. Members cannot access billing or organization settings.

Compliance

StandardStatusNotes
GDPRCompliant practicesPrivacy policy, consent management, deletion requests supported
CCPACompliant practicesDo Not Sell controls, data deletion on request
SOC 2 Type IIIn roadmapTargeting certification after Series A
HIPAANot applicableKaypo does not process health data

SOC 2 Type II certification is planned. If your organization requires SOC 2 before signing, contact us to discuss our security questionnaire process.

Responsible disclosure

Found a security vulnerability? We take all reports seriously and respond within 48 hours.

security@kaypo.io

Subprocessors

We use the following third-party services to operate Kaypo:

SubprocessorPurposeLocation
SupabaseDatabase & AuthUS
VercelHostingUS
ResendTransactional emailUS
People Data LabsContact enrichmentUS
IPinfoIP geolocationUS
StripePayment processingUS
AnthropicAI featuresUS