Security

How we protect your data

Everything you put in Kaira is encrypted when it travels to us and when it sits in our database. Access is controlled at the row level, which means even inside Kaira, your vault is only visible to you and the people you’ve invited.

We don’t use passwords. Sign in uses a code we email you each time, or Google sign in if you prefer. Nothing to leak, nothing to reuse.

Our infrastructure is audited annually by independent third parties to the SOC 2 Type II standard.

What we don’t do

We don’t sell your data. We don’t share it with advertisers, data brokers, or insurers. We don’t train AI models on your vault contents.

We use a small number of vetted service providers to run the product. These cover hosting, email delivery, payments, and analytics. Each is bound by a data processing agreement. We can share the list on request.

What we’re honest about

Kaira has not yet completed its own SOC 2 Type II audit or an independent penetration test. We’re a small team shipping carefully, and those are on the roadmap as we grow. For now, we rely on the audited infrastructure we’re built on, the practices above, and your ability to hold us accountable.

Your rights

You can export everything in your vault at any time. You can delete your account and have your data removed. You can ask us what we know about you, and you can correct it.

Email privacy@usekaira.com and we’ll respond within 7 days.

Reporting a security issue

If you’ve found a security vulnerability, please email security@usekaira.com. We don’t have a paid bounty program yet, but we will respond, we will fix, and we will credit you if you’d like.

For automated tooling, see /.well-known/security.txt.