Security and Infrastructure

Data in Transit Encryption

We encrypt all data as it moves between our servers and your web browser.

We offer service with SSL-only connections, IP address connectivity restrictions, and basic authentication. Ask about Kintone’s Client Certificate Authentication option for further improving security with 2-Factor Authentication.

Our Data Centers + Data Management

Our data centers meet the criteria of the Center for Financial Industry Information Systems (FISC).

For resilience even in the event of operational error, customer data is propagated across geographically-distributed data centers without disrupting service.

Customer data is erased 30 days following contract termination date. Complete erasure of associated backups follows 2 weeks thereafter.

Per internal information security policies, customer data is accessible only by pre-ordained Cybozu staff under strict limitations in accordance with ISO 27001.

Data at Rest Encryption

We encrypt all data stored on our servers.

Data at Rest Encryption scrambles any inactive data stored within our servers. kintone uses a 512 bit key length encryption scheme, the same used in Windows BitLocker and OS X FileVault.

Outage Handling

Always-on monitoring systems. Protection from operations errors through system partitioning and multiple operator concurrence.

Redundancy

All server hardware, network, storage, and data are redundant.

Vulnerability Management

Third-party vulnerability assessments are conducted on a periodic basis.

Vulnerability Reporting

If you have a security issue to report, or suspect that you have identified a vulnerability, contact us immediately. We will acknowledge your correspondence, assign resources for investigation, and fix potential issues.