Security

KinBridge handles sensitive data: health metrics, personal conversations with seniors, voice recordings, and end-of-life content. Security is foundational, not an afterthought. Here is what we do and how to report issues.

Encryption

Data at Rest

• Database (PostgreSQL on Neon): AES-256 encryption at the storage layer
• Media files (Cloudflare R2): AES-256 server-side encryption
• Biometric voice prints: AES-256 with isolated encryption keys per user
• OAuth tokens: AES-256-GCM application-level encryption before storage

Data in Transit

• All API and web traffic: TLS 1.3 minimum; TLS 1.2 as fallback
• Internal service communication: Encrypted over private VPC where applicable
• Webhooks (Stripe, Twilio, Terra): HTTPS with signature verification

Access Control

• Authentication: JWT tokens with 7-day expiry; bcrypt password hashing (salt rounds ≥ 12)
• Role-Based Access: Strict separation between user, caregiver, enterprise admin, and internal staff roles
• PHI Access Logging: All access to Protected Health Information is logged with user ID, timestamp, and action
• Principle of Least Privilege: Internal staff access is restricted to what is necessary for their role
• Break Glass: Emergency PHI access for enterprise is logged and triggers an automatic alert
• 2FA: Available for enterprise accounts; planned for all accounts in Q2 2026

Infrastructure Security

• Hosting: Render (SOC 2 Type II certified infrastructure)
• Database: Neon serverless PostgreSQL with automatic failover
• Network: Web Application Firewall (WAF) and DDoS mitigation via Cloudflare
• Dependency scanning: Automated vulnerability scanning on every deploy via GitHub's Dependabot
• Secret management: Environment variables stored in Render's encrypted secret store; never committed to source code
• Backups: Daily automated database backups with 30-day retention; point-in-time recovery available

Biometric Data Special Protections

Voice prints used for Last Words voice cloning are subject to additional security controls:

• Stored in logically isolated storage separate from regular user data
• Encrypted with user-specific keys derived from user credentials
• Accessible only to the voice synthesis pipeline — not to general application code
• Deletion is immediate and irreversible upon consent revocation or account closure
• No employee has unilateral access to raw voice recordings — dual authorization required for debugging

Secure Development Lifecycle

• All production code changes go through pull request review before merge
• Database queries use parameterized statements — SQL injection not possible through standard code paths
• Input validation on all API endpoints
• Rate limiting on sensitive endpoints (auth, messaging, AI generation)
• CSRF protection on OAuth callback flows
• No sensitive data in server logs (tokens, health data redacted)

Security Assessments

• Annual penetration test: Third-party assessment of web app and API. Summary available under NDA.
• SOC 2 Type II: In progress. Target completion Q3 2026.
• Dependency audits: Run on every CI/CD pipeline execution via npm audit and Dependabot alerts.

Responsible Disclosure

Incident Response

Our incident response process:

• Detection: Automated monitoring alerts on anomalous behavior (failed auth spikes, unusual data access)
• Containment: Isolate affected systems within 4 hours of confirmed incident
• Assessment: Determine scope and data affected within 24 hours
• Notification: GDPR supervisory authority within 72 hours; HIPAA covered entities within 60 days; affected users promptly
• Remediation: Patch and post-incident review

Contact

Security issues: security@kinbridge.app
Compliance / BAA: enterprise@kinbridge.app
Privacy / DPO: dpo@kinbridge.app