Security at Krylos

Your trust is our priority. We implement industry-leading security practices to protect your data and ensure the privacy of your content.

Our Commitment to Security

At Krylos, security isn't an afterthought—it's fundamental to everything we build. We understand that you're trusting us with your website data, user information, and business-critical content. That trust drives us to implement and maintain the highest security standards in the industry.

Our security approach is comprehensive, covering infrastructure, application security, data protection, and operational practices. We continuously monitor, test, and improve our security posture to stay ahead of emerging threats.

Data Encryption

  • Encryption in Transit: All data transmitted between your browser and our servers uses TLS 1.3 encryption
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption
  • Key Management: Encryption keys are managed using AWS KMS with automatic rotation

Infrastructure Security

  • AWS Infrastructure: Hosted on Amazon Web Services with SOC 2 Type II compliance
  • Network Isolation: Services run in isolated VPCs with strict security groups
  • DDoS Protection: AWS Shield and CloudFront provide protection against DDoS attacks

Access Control

  • Role-Based Access: Granular permissions ensure users only access what they need
  • Multi-Factor Authentication: Optional MFA for enhanced account security
  • Session Management: Secure session tokens with automatic expiration

Data Privacy

  • Data Isolation: Each organization's data is logically isolated in our database
  • Minimal Data Collection: We only collect data necessary to provide our services
  • Data Retention: Clear policies on how long we retain your data

Application Security

Secure Development

  • Code reviews for all changes
  • Automated security scanning in CI/CD pipeline
  • Dependency vulnerability monitoring
  • Regular security updates and patches

Protection Measures

  • SQL injection prevention through parameterized queries
  • XSS protection with content security policies
  • CSRF protection on all state-changing operations
  • Rate limiting to prevent abuse

Monitoring & Incident Response

24/7 Monitoring

Our systems are continuously monitored for security events, anomalies, and potential threats. Automated alerts notify our security team of any suspicious activity for immediate investigation.

Incident Response Plan

We maintain a comprehensive incident response plan that includes detection, containment, eradication, and recovery procedures. Our team is trained to respond quickly and effectively to security incidents.

Logging & Audit Trails

All system access and administrative actions are logged and retained for security auditing. These logs help us detect unauthorized access attempts and investigate security incidents.

Compliance & Standards

GDPR

General Data Protection Regulation compliant

CCPA

California Consumer Privacy Act compliant

SOC 2

Infrastructure hosted on AWS, which is SOC 2 Type II certified

Note: We are committed to maintaining compliance with relevant data protection regulations and industry standards. Our practices are regularly reviewed and updated to meet evolving requirements.

Your Security Responsibilities

While we implement robust security measures, security is a shared responsibility. Here's how you can help protect your account:

Account Security

  • Use a strong, unique password
  • Enable multi-factor authentication
  • Never share your credentials
  • Log out from shared devices

Best Practices

  • Review team member access regularly
  • Revoke access for former team members
  • Keep your API keys secure
  • Report suspicious activity immediately

Report a Security Vulnerability

We take security vulnerabilities seriously and appreciate the security research community's efforts to help keep Krylos and our users safe. If you've discovered a security issue, please report it to us responsibly.

How to Report

Email us at security@krylos.io with:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Your contact information for follow-up

Our Commitment

We will acknowledge your report within 48 hours and provide regular updates on our progress. We ask that you give us reasonable time to address the issue before public disclosure.

Questions About Security?

If you have questions about our security practices or need more information, our team is here to help.