<img alt="" src="https://secure.insightful-enterprise-52.com/784587.png" style="display:none;">

Kissflow Security Hub

Discover our robust security controls bolstering Kissflow's defense

Infrastructure Security

Card icon

DDoS Protection

Kissflow utilizes a high-quality DDoS protection service that effectively defends against Layer 3, Layer 4, and Layer 7 DDoS attacks, while also allowing legitimate traffic to flow uninterrupted.

Card icon

Network Segmentation

Kissflow has implemented a network isolation technique to safeguard sensitive information systems against security breaches and ensure their protection.

Card icon


Kissflow continuously monitors the availability, capacity, and security of its systems, and takes prompt action in case of any deviations.

Card icon

Vulnerability Management

Kissflow has a well established Vulnerability management program that involves assessing the severity and impact of each vulnerability, prioritizing them based on risk, and implementing appropriate remediation measures to ensure the security and integrity of our systems.

Card icon

Datacenter Security

AWS and GCP employ world-class physical security measures in their data centers, including stringent access controls, video surveillance, intrusion detection systems, and 24/7 monitoring. These measures safeguard against unauthorized access, physical threats, and provide a secure hosting environment for our platform

Card icon

Secure Configuration Management

Our procedures ensure secure configuration of operating systems and applications, disabling default passwords and unnecessary features. We define and consistently apply security baselines, track system configuration changes, and align with industry best practices such as CIS.

Card icon

Disaster Recovery

We have readily available Infrastructure as Code (IaaC) scripts, facilitating rapid deployment of a new environment. Our robust Disaster Recovery (DR) plan ensures business continuity, and annual testing validates its effectiveness in mitigating potential disruptions and minimizing downtime.

Card icon

Uptime Commitment

We commit to a 99% uptime for our platform, and any failures will result in service credit. You can track our availability and historic uptime at https://status.kissflow.com/

Data Security

Card icon


AES 256, the industry standard for encryption, is utilized to encrypt all data at rest on our platform. Similarly, when data is in transit either within our network or over the internet, it is encrypted using HTTPS with TLS 1.2+ to ensure secure transmission.

Card icon

Retention and Erasure of Data

Throughout the period of service usage, Kissflow will uphold the maintenance of customer data. However, upon termination of the services, all data will be permanently erased from the production environment within 30 days, and from the backup system within 90 days.

Card icon

Data Portability

Upon request, customers will have the option to export their data in a machine-readable format, ensuring seamless data portability after the termination of the service.

Application Security

Card icon

Secure Software Development

We have a well-established change management cycle that ensures all code changes undergo a rigorous authorization, testing, and verification process before being deployed to the production environment. This ensures that only authorized and thoroughly validated code modifications are implemented.

Card icon

Code Reviews

We adhere to secure coding practices throughout the development process and employ stringent quality gating measures, including static code analysis, to ensure the highest level of code integrity.

Card icon

Automated Code Deployment

Our CICD pipeline enables secure and automated code movement without manual interventions. It ensures smooth integration, deployment, and adherence to predefined security protocols, enhancing efficiency and reliability.

Organizational Security


Third Party Security Assessment

We conduct security assessments of third-party vendors and review their contracts for security and data protection clauses. We obtain third-party audits or certifications for compliance validation and have a process to assess and manage security risks associated with third-party dependencies. Security incidents involving third-party vendors are promptly investigated and addressed.


Regulatory Compliance

Regular audits are conducted to ensure ongoing compliance, and we have a process to address and rectify any non-compliance issues. Privacy and data protection regulations, such as GDPR or HIPAA, are considered, along with specific compliance requirements of our industry or market. You can track our current compliance to various standards and regulations at https://kissflow.com/compliance


Business Continuity

Kissflow has robust Business Continuity Planning (BCP) guaranteeing uninterrupted service delivery, mitigating risks, and enabling swift recovery from potential disruptions or unforeseen events.


Security Awareness

All employees undergo mandatory security and privacy awareness training program, supported by posters and regular awareness messages, ensuring a culture of vigilance and adherence to security and privacy practices.

Looking for more information?