Security on Kula
Written by Kulanaut
Updated over a week ago

Protecting our customers’ data is so important to us that we created an operating principle around it. Kula has a set of operating principles and mental models that its employees use day to day as we build the product. One of those principles is “Security isn’t an afterthought”, and we deliver on that promise through the controls and governance described below. Read on to understand our stance on data security and privacy.

SOC2 Type II compliance

SOC 2 is an attestation report from the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA), issued after successfully validating an organization’s information systems relevant to security, availability, processing integrity, confidentiality, and privacy. Kula maintains an annual SOC 2 Type II audit. You can read more about SOC 2 attestations here.

What do these mean to our customers?

Data protection

Our customers’ data is encrypted both in transit and at rest. It is also replicated across multiple regions for redundancy and disaster recovery, so our customers’ data is still protected in the event of failure.

Data privacy

Privacy is critical to our customers and we take it seriously. Kula Flows does not sell, share, or export the data we gather from the use of our platform to third parties for our own purposes. We only provide data to our sub-processors in support of processing your data as set forth in your customer agreement.

Cloud security

Kula is hosted on Amazon Web Services (AWS). In addition to AWS’s extensive list of security and privacy certifications, Kula has implemented its own set of policies and best practices to secure your data.

Data recovery

Customers’ data is backed up regularly and we provide a maximum RPO (Recovery Point Objective) and RTO (Recovery Time Objective) of 24 hours.

Business Continuity

Kula maintains a regularly updated Business Continuity Policy that’s tested and updated annually. We have also conducted an extensive risk assessment and put remediation measures in place in the event of a disaster.

Software development lifecycle

We approach security from a shift-left perspective, and it is ingrained in how we build products. Our continuous development and release process checks for security vulnerabilities and stops the release if we detect vulnerabilities. We also adhere to OWASP security guidelines in our development cycle.

Vulnerability and penetration testing

We work with third-party auditors to conduct vulnerability and penetration testing annually. These are industry-leading penetration testing providers who assess our production architecture and security.

Data deletion

If customers want to cancel their subscription with Kula, all their data will be removed from our systems within 30 days.

Employee security

We implement strict security controls for Kula employees. These controls include security training and automated provisioning and de-provisioning of access to Kula and its resources.

To safe and happy recruiting!
