Security Overview

This page explains, in plain language, how we protect your data. For enterprise customers, we can provide a more detailed security pack on request.

Security principles

• Least privilege: access granted only as needed.
• Segregation: customer data is logically separated in the system.
• Auditability: key actions can be logged for accountability.

Data protection

• Encryption in transit: HTTPS/TLS for data transmitted between your browser and our servers.
• Encryption at rest: encryption supported at storage/database level where available.
• Backups: routine backups and disaster recovery practices (details depend on hosting plan).

Payments

Card payments are processed by Stripe. KAAASH does not store your full card details.

Account security

• Email verification and password reset flows.
• Optional MFA/SSO for enterprise (roadmap).
• Rate limiting and monitoring to reduce abuse.

Reporting vulnerabilities

If you discover a security issue, please report it via the Contact page. We appreciate responsible disclosure.