Security, Privacy and Control
Your business runs on trust, that’s why it runs on Kudoboard
Company culture and success is built on trust and transparency.
This is why your trust is at the forefront of everything we do. With Kudoboard’s end-to-end approach to data security, privacy and control, we empower your teams to achieve compliance with confidence and security infrastructure that keeps you safe.
Trusted by Tens of Millions of people around the world
Compliant with global privacy standards and regulations
Data protection is built in by design and by default. Our data privacy features and data privacy technologies are embedded directly into the design of our platform.
We’re transparent, so you can have peace of mind
Have confidence in how Kudoboard uses information, as well as when and how we contact customers.
Kudoboard protects your data at every layer
Whether you’re using Kudoboard products that are free or paid, feature-rich or lightweight, Kudoboard works hard to maintain the privacy of data you entrust with us. We never sell your data.
Popular Cloud Security Features
-
Single Sign-On (SSO)
Let users sign in to Kudoboard using single sign-on credentials, making it easy for them to log in while enhancing security and control over who has access.
-
Encryption & SOC 2, Type II certified
Built for enterprises, Kudoboard has data encryption in transit & at rest, SOC 2, Type II certification, and regular penetration tests.
-
US-based data centers
Your data is stored in secure, US-based data centers hosted by AWS and Digital Ocean— adhering to strict security standards, ensuring physical and environmental data center security.
-
Intrusion detection system
Security measures such as web vulnerability and intrusion detection systems (IDS) actively help secure our systems and your data.
-
User access controls
Adjust sitewide or board settings to only allow users with company emails to access or contribute to a Kudoboard. Control if boards are public, private or shareable on social platforms.
Frequently asked questions about security and privacy
We employ a range of security measures, including encryption protocols, regular security audits, firewalls, and access controls to safeguard your data.
Your data is stored in secure, US-based data centers hosted by AWS and Digital Ocean. Both AWS and Digital Ocean adhere to strict security standards, ensuring physical and digital protection against unauthorized access. Learn more about AWS security at aws.amazon.com.
Access to your data is strictly controlled and limited to authorized personnel who require it for providing services or maintaining system integrity.
We never sell data or information to any third-party vendors.
Data like work anniversary and birthdays can be used in the workplace to mark important moments. Email information can be used to send and receive Kudoboards.
Data can be deleted at any time upon request to [email protected].
Required: First name, last name, work email
Optional: hire date, month and day of birth, and manager
We are able to integrate with any HRIS that can support report delivery via an API. On a high level, the HRIS will make a report available to Kudoboard via flat-file transfer to an SFTP server or via API we can programmatically access. The user management integration will access this report once per day and apply any changes to the user information within Kudoboard.
Yes, your data is encrypted in transit and at rest. All web traffic, including our web app and public website, is served over HTTPS. We also use HSTS to ensure that browsers communicate with our services using HTTPS exclusively. Our primary databases, archives, and logs, including backups, are fully encrypted at rest. We use industry-standard encryption algorithms with a minimum strength of AES-256.
Yes, we undergo an annual penetration test and SOC 2 Type 2 audit. We also conduct regular SAST, DAST, and infrastructure scanning for vulnerabilities. Vulnerabilities in third-party libraries and tools are monitored and software is patched or updated promptly when new issues are reported.
We adhere to industry-recognized compliance standards such as SOC 2 and others, ensuring that your data is handled in compliance with relevant regulations. SOC 2 Type 2 compliance and certification demonstrate that Kudoboard rigorously protects our clients by enforcing the highest standards of security in managing and protecting our client data.
We carefully vet and select third-party vendors based on their security practices and standards. Contracts and agreements include clauses that enforce security measures and compliance.
Yes. We have mandatory, continuous security training for all Kudoboard employees. Additionally, all employees and contractors have signed confidentiality agreements.
We never store passwords in a form that can be retrieved. Instead, we store an irreversible cryptographic hash using a function specifically designed for this purpose. Authentication sessions are invalidated when users change key information and sessions automatically expire after a period of inactivity.
Alternatively, Kudoboard can be used with several secure single sign-on (SSO) standards, including SAML and OAuth.
Yes. Our servers are protected by firewalls and not directly exposed to the Internet.
We aggregate logs to secure encrypted storage. All sensitive information (including passwords and API keys) is filtered from our server logs. Log data is fully expunged after one year.
Kudoboard is built with fault tolerance capability. Each of our services is fully redundant with replication and failover. We maintain an incident response plan that includes procedures to be followed in the event of an unauthorized disclosure of data or other security incident.
Email us at [email protected] and we will investigate. We request that you do not publicly disclose any issues discovered until we have addressed it.