Security

Your data is safe. We made sure.

Enterprise-grade encryption, strict access controls, and full audit logging — so you can focus on your work, not worry about your data.

[Diagram: 5 layers of protection around your data (my.kice.app). Layers shown: Your Data; Application Layer (RBAC + Audit); TLS 1.3 Encryption In Transit; AES-256 Encryption At Rest; Google Cloud Infrastructure]

Security Architecture

Protection at every layer

From the infrastructure running our servers to the permissions controlling who sees what — your data is protected by multiple overlapping security layers.

Encryption at Rest

All data stored in our PostgreSQL databases is encrypted at rest using AES-256, the same standard used by banks and government agencies.

  • AES-256 encryption on all database volumes
  • Managed encryption keys via Google Cloud KMS
  • Encrypted backups with automatic key rotation
  • File storage (documents, avatars) encrypted at rest

Encryption in Transit

Every connection between your browser and Kice is encrypted with TLS 1.3, ensuring your data cannot be intercepted.

  • TLS 1.3 on all API and WebSocket connections
  • HTTPS enforced on all endpoints — no plaintext allowed
  • Certificate transparency logging enabled
  • HSTS headers with long max-age

Role-Based Access Control

Fine-grained permissions at both the team and project level ensure people only see and do what they should.

  • Team roles: Owner, Admin, Member
  • Project roles: Manager, Developer, Client
  • Granular permissions per action (view, create, edit, delete)
  • Client portal with restricted visibility

Audit Logging

Every significant action in Kice is logged with who did what and when, giving you a full activity trail.

  • Task, project, and team changes tracked automatically
  • Activity timeline visible per task and project
  • User-level action history
  • Immutable audit records

Authentication & Sessions

Secure authentication with short-lived tokens and refresh rotation minimizes the window of vulnerability.

  • JWT access tokens with 15-minute expiry
  • Refresh tokens with 7-day rotation
  • Password hashing with bcrypt (cost factor 12)
  • OAuth integration for GitHub SSO

Infrastructure Security

Kice runs on Google Cloud Platform via Railway, inheriting enterprise-grade infrastructure security.

  • Google Cloud Platform (GCP) infrastructure
  • Isolated database instances per deployment
  • Automatic security patches and updates
  • DDoS protection at the infrastructure level

Compliance & Standards

Built for teams that take security seriously

Whether you're a freelancer handling client data or an agency managing enterprise accounts, Kice gives you the security posture your clients expect. We follow industry standards and are transparent about how we handle your data.

GDPR Ready

Data processing compliant with EU General Data Protection Regulation. Users can export and delete their data.

AES-256 Encryption

Military-grade encryption standard protecting all data at rest on our database and storage volumes.

SOC 2 Roadmap

We are on the path to SOC 2 Type II certification, formally validating our security controls.

Transparency

Clear privacy policy, terms of service, and data processing documentation available to all users.

Security checklist

  • Data encrypted at rest (AES-256)
  • Data encrypted in transit (TLS 1.3)
  • Role-based access controls
  • Activity audit logging
  • Password hashing (bcrypt)
  • JWT token rotation
  • Google Cloud infrastructure
  • GDPR data export & deletion
  • SOC 2 Type II certification (Roadmap)
  • SSO / SAML integration (Roadmap)

Common Questions

Security FAQ

Where is my data stored?

Your data is stored on Google Cloud Platform (GCP) infrastructure. All database volumes are encrypted at rest with AES-256 using Google-managed encryption keys.

Can other teams see my data?

No. Kice enforces strict role-based access controls. Data is isolated by team, and within each team, permissions control who can view, create, edit, or delete resources. Client portal users see only what you explicitly share.

How are passwords stored?

Passwords are hashed using bcrypt with a cost factor of 12. We never store plaintext passwords. Authentication uses short-lived JWT tokens (15 min) with secure refresh rotation.

Is Kice GDPR compliant?

Yes. Users can export their data and request deletion at any time. Our privacy policy details exactly what data we collect and how we process it. We do not sell or share user data with third parties.

Do you have SOC 2 certification?

SOC 2 Type II certification is on our roadmap. Our current security practices already align with SOC 2 principles — encryption, access controls, audit logging, and availability monitoring.

How can I report a security vulnerability?

If you discover a security issue, please contact us at security@kice.app. We take all reports seriously and will respond within 24 hours.

Your clients trust you with their projects.
Trust us with the security.

Start managing projects on a platform that takes data protection as seriously as you do. Free to start, enterprise-ready from day one.

Free forever to start · No credit card required