Security & Privacy at Kindly
You can trust us with your data — we take that seriously.

Kindly is built with privacy, security, and compliance in mind, across our platform, infrastructure and internal operations.
Some of our highlights
  • Certified according to the ISO/IEC 27001:2022 standard, ensuring rigorous security controls are in place to protect your data.
  • You retain full ownership and control over your data - configurable directly within our platform.
  • Our platform is built by developers trained in OWASP principles and best practices for secure coding.
  • We are committed to building responsible, transparent AI in line with the EU AI Act requirements.
Web Application Security Features
Kindly’s web application is built with security at its core, enabling customers to control access, protect data, and detect misuse. Security controls are embedded into the application architecture and continuously improved.

Our web application security includes:
  • Role-Based Access Control (RBAC): Fine-grained access control at organization and workspace level, supporting both predefined and custom roles.
  • Single Sign-On (SSO): SSO integration with identity providers like Microsoft Entra ID and Google to centralize and secure authentication.
  • Multi-Factor Authentication (MFA): MFA support is available for all customer users via OTP or SSO.
  • Strong password policy: Passwords must meet strict complexity requirements. No default or temporary passwords are used.
  • Brute-force protection: Login attempts are rate-limited.
  • Automatic data masking: Sensitive data (e.g. emails, SSNs) can be automatically anonymized or masked using configurable filters.
  • Audit logs: All critical actions are logged with user ID, timestamp, action type, and affected objects. Audit logs are immutable and searchable.
  • Session security: Sessions are managed securely with appropriate expiration, token rotation, and protection against session hijacking.
Technical Security
Kindly’s infrastructure is designed for resilience, scalability, and security. We apply a layered approach to protect our systems and your data at every level — in line with ISO 27001 requirements and cloud security best practices. The data is securely stored in EU data centers.

Our infrastructure security includes:
  • Data encryption in transit and at rest: All data is encrypted using industry standards (TLS 1.2+ for data in transit, AES-256 for data at rest).
  • Secure password storage: Passwords are hashed using PBKDF2 + HMAC-SHA256 with unique salts.
  • System hardening: Components are hardened based on security benchmarks.
  • Logging and monitoring: Infrastructure events are logged and monitored continuously.
  • Threat detection: Services are run to help detect anomalies and threats in real time.
  • Role-Based Access Control (RBAC): Access to infrastructure components is tightly controlled, role-scoped, and reviewed regularly.
  • Backups: Point-in-time recovery backups are maintained with automatic integrity checks and encrypted storage.
  • DDoS protection: Protection against volumetric and application-layer attacks.
  • Redundant architecture: Services are deployed across multiple data centers with failover mechanisms in place.
  • Autoscaling: Core services scale automatically to maintain performance and availability under load.
  • Audit logging: All infrastructure access and changes are logged and stored securely for traceability and compliance.
  • Patch management: Systems are regularly updated with critical security patches and monitored for vulnerabilities.
  • Secrets management: Sensitive credentials and tokens are stored securely using managed secret stores with strict access controls.
  • Vulnerability scanning: Automated scans are regularly performed to identify known security issues across systems and dependencies.
  • Penetration testing: Independent penetration tests are conducted on a regular basis to uncover and address potential vulnerabilities.
Copyright © 2025 Kindly AS