Security.
Everything on this page is verifiable in the products. No badge we haven't earned, no acronym we can't back.
Data encryption
All traffic between your browser and Kynth runs over TLS. Data at rest lives in Postgres on Supabase, encrypted with AES-256 at the storage layer. Secrets and API keys sit in managed secret stores, never in code.
Tenant isolation
Every Kynth product runs on Postgres with per-tenant row-level security: every row is scoped to your account and the policy is enforced by the database itself, not by application code. A bug in one app's code cannot read another customer's rows, because the database refuses the query.
Your data is never training data
Explicit pledge: nothing you put into a Kynth product is used to train AI models — ours or anyone else's. AI features call model APIs with training on inputs disabled, and in high-stakes workflows (claims, appeals, billing disputes) the AI drafts and you approve; nothing is filed or sent without your review.
Access
You sign in with Google or an emailed magic link — Kynth never sees or stores a password. Sessions use short-lived rotating tokens. When you connect an integration, we request the minimum OAuth scopes the feature needs, store the tokens encrypted, and delete them when you disconnect.
Payments
Payments are processed by Stripe. Card numbers go from your browser straight to Stripe and never touch Kynth servers. We store only the Stripe customer reference and your subscription state.
Data deletion
Email hello@kynth.studio and your data is deleted within 30 days — every row scoped to your account, across every Kynth product. No retention games, no exit interview.
Responsible disclosure
Found a vulnerability? Email hello@kynth.studio with details and steps to reproduce. Reports get a human reply — usually the same day, because the human who replies is the one who wrote the code.
What we don't have yet
We don't hold a SOC 2 certification. When a third-party audit lands, it gets added to this page — not before. Everything above applies to every byte you store here today, certificate or not.