Trust Center

Security, Compliance & Transparency at Kiwi

We safeguard your data with enterprise-grade controls across infrastructure, governance, and AI systems. Below is a transparent overview of our certifications, policies, and technical practices.

Certifications & Compliance

Certified

SOC 2 Type II

✺ Certified via Scrut Automation

✺ Security, availability, confidentiality

✺ Attestation available upon request

Certified

ISO 27001

✺ ISMS across infrastructure & AI systems

✺ Risk assessment & treatment completed

✺ Certification via Scrut Automation

Responsible AI

01

Data Boundaries

Customer data is never used for model training. Strict tenant isolation and scoped credentials.

02

Auditability

Every agent action is logged and attributable; full traceability for compliance reviews.

03

Human Oversight

All automations are reviewable, pausable, and reversible.

04

Risk Controls

Prompt hardening, output filters, and abuse prevention in sensitive workflows.

Infrastructure & Data Security

01

Encryption

• TLS 1.2+ in transit

• AES-256 at rest

• Per-tenant keys via KMS

02

Access Controls

• RBAC & least privilege

• MFA enforced for admins

• Just-in-time credentials

03

Network Isolation

• Dedicated VPCs

• Strict egress policies

• WAF & rate-limiting

04

Secrets & Data

• Managed secrets (AWS KMS / Vault)

• Backups with PITR

• PII minimization & tokenization

05

Monitoring & Logging

• Centralized logs, metrics, and traces

• Anomaly and intrusion alerts

• Cloud provider audit trails

06

Secure Development

• CI/CD checks & code scanning (GitHub)

• Dependency & container scanning

• Peer reviews & linting

Data Privacy & Governance

Data Collection

Only what’s required for workflow execution; no unnecessary PII stored.

Data Storage

Amazon S3 (AWS) with redundancy and encryption at rest.

Retention

Temporary by default; deletion upon request or after inactivity.

Third Parties

Limited sub-processors under DPA/NDA; least-privilege access.

Customer Controls

Data export, deletion, and access logs available on request.

Databases

MongoDB and Supabase (PostgreSQL) managed with least-privilege access.

Business Continuity & Incident Response

Uptime & Monitoring

Backups & Recovery

Incident Response

Vendors & Partners

AWS

Compute & S3 storage

Google Cloud (GCP)

Compute & services

Microsoft Azure

Compute & services

MongoDB

Operational database

Supabase

Postgres DB & auth

GitHub

Source control & CI/CD

Vercel

Web hosting & edge

Scrut Automation

Compliance & audits

OpenAI

Model provider

Azure OpenAI

Model provider

Google

Model provider

Anthropic

Model provider

Ready To Remove Grunt Work Forever?
