Security & Data Protection Architecture

Understanding that security is paramount when handling customer data, we leverage modern technologies and adhere to industry best practices to ensure the safety and privacy of your data at every stage.

Your data is safely stored

  • Encryption: Data is encrypted using modern, robust methods both in transit (e.g., TLS 1.2/1.3) and at rest (e.g., AES-256 encryption).
  • Secure Infrastructure: Kaivo operates on Google Cloud Platform (GCP), which complies with international security standards, including ISO/IEC 27001.
  • Data Storage: Your business data is securely stored in Google BigQuery, located on Google’s European servers.
  • Credential Security: Customer credentials are handled with extra care. They are strongly encrypted and never logged.

We follow security best practices at every stage

  • Access Control: We apply the principle of least privilege, ensuring only authorized personnel have access.
  • Secure Development Practices: We employ continuous integration connections and conduct rigorous code reviews to ensure our software is built and maintained securely.
  • Risk Management: Our security processes include a comprehensive risk management framework aligned with the OWASP Risk Rating Methodology to identify, assess, and mitigate potential vulnerabilities.
  • Incident Management: Comprehensive procedures are in place to ensure swift response to security events.
  • Process and Policy Management: Our security processes and documentation are reviewed and updated periodically.

Kaivo is GDPR compliant

  • Data Residency: All data is hosted on Google’s secure servers in Europe.
  • Selective Data Use: You can exclude sensitive information, such as email addresses and social security numbers, from data imports.
  • Data Deletion: We support proper and thorough data deletion processes.

AI Features and Data Processing

Google Cloud, the infrastructure provider for Kaivo, offers AI-powered features (such as Gemini in BigQuery) that can provide SQL assistance, data exploration, and other capabilities within the BigQuery environment. These features are part of the Google Cloud platform and are governed by the same Google Cloud Data Processing Addendum (CDPA) that covers all Google Cloud services used by Kaivo.

Our approach to AI features:

  • Disabled by default. AI-powered features in Google Cloud are blocked across all Kaivo customer projects through organization-level policies. No AI service can process your data unless explicitly enabled.
  • Opt-in only. AI features are only enabled for a specific customer project upon explicit request and agreement from the customer.
  • No model training on your data. Google Cloud’s terms confirm that prompts and responses from Gemini in BigQuery are not used to train AI models.
  • Same data protection standards. When enabled, AI features operate under the same encryption, access controls, and data residency policies as all other Kaivo services. Data processing is limited to US and EU jurisdictions.
  • Controllable and reversible. AI features can be disabled at any time per customer request, and access requires specific roles that Kaivo manages.

If you have questions about AI features or would like to discuss enabling them for your project, please contact us at security@kaivo.io.

Our platform is built with security at its core

  • Patch Management: Regular updates and patching ensure the platform remains secure against emerging vulnerabilities.
  • Monitoring and Alerts: Security monitoring includes logs and real-time alerts for potential threats.
  • Vetting of Third-Party Tools: All third-party tools undergo a security evaluation before integration.

Our team is committed to security

  • Training: Regular security training is mandatory for all employees.
  • Policies: Strict internal security policies are enforced across the organization (e.g., mandatory MFA).
  • Hiring Standards: Security competency is a key requirement for software engineers joining our team.

More information

For further details on our data protection practices, please contact us at security@kaivo.io. You can also review our Privacy policy and Terms of service for more information.