Your business runs on trust,
that’s why it runs on Kudoboard

We employ a range of security measures, including encryption protocols, regular security audits, firewalls, and access controls to safeguard your data.

Your data is stored in secure, US-based data centers hosted by AWS and Digital Ocean. Both AWS and Digital Ocean adhere to strict security standards, ensuring physical and digital protection against unauthorized access. Learn more about AWS security at aws.amazon.com.

Access to your data is strictly controlled and limited to authorized personnel who require it for providing services or maintaining system integrity.

We never sell data or information to any third-party vendors.

Data like work anniversary and birthdays can be used in the workplace to mark important moments. Email information can be used to send and receive Kudoboards.

Data can be deleted at any time upon request to [email protected].

Required: First name, last name, work email

Optional: hire date, month and day of birth, and manager

We are able to integrate with any HRIS that can support report delivery via an API. On a high level, the HRIS will make a report available to Kudoboard via flat-file transfer to an SFTP server or via API we can programmatically access. The user management integration will access this report once per day and apply any changes to the user information within Kudoboard.

Yes, your data is encrypted in transit and at rest. All web traffic, including our web app and public website, is served over HTTPS. We also use HSTS to ensure that browsers communicate with our services using HTTPS exclusively. Our primary databases, archives, and logs, including backups, are fully encrypted at rest. We use industry-standard encryption algorithms with a minimum strength of AES-256.

Yes, we undergo an annual penetration test and SOC 2 Type 2 audit. We also conduct regular SAST, DAST, and infrastructure scanning for vulnerabilities. Vulnerabilities in third-party libraries and tools are monitored and software is patched or updated promptly when new issues are reported.

We adhere to industry-recognized compliance standards such as SOC 2 and others, ensuring that your data is handled in compliance with relevant regulations. SOC 2 Type 2 compliance and certification demonstrate that Kudoboard rigorously protects our clients by enforcing the highest standards of security in managing and protecting our client data.

We carefully vet and select third-party vendors based on their security practices and standards. Contracts and agreements include clauses that enforce security measures and compliance.

Yes. We have mandatory, continuous security training for all Kudoboard employees. Additionally, all employees and contractors have signed confidentiality agreements.

We never store passwords in a form that can be retrieved. Instead, we store an irreversible cryptographic hash using a function specifically designed for this purpose. Authentication sessions are invalidated when users change key information and sessions automatically expire after a period of inactivity.

Alternatively, Kudoboard can be used with several secure single sign-on (SSO) standards, including SAML and OAuth.

Yes. Our servers are protected by firewalls and not directly exposed to the Internet.

We aggregate logs to secure encrypted storage. All sensitive information (including passwords and API keys) is filtered from our server logs. Log data is fully expunged after one year.

Kudoboard is built with fault tolerance capability. Each of our services is fully redundant with replication and failover. We maintain an incident response plan that includes procedures to be followed in the event of an unauthorized disclosure of data or other security incident.

Email us at [email protected] and we will investigate. We request that you do not publicly disclose any issues discovered until we have addressed it.