Security Statement
Serious about your security? The security of your data and earning your trust are core to our culture, processes and everything we build.
Data center security
Kudosity (“We”, “Our”, “Us”) services and your data are hosted on Amazon Web Services (AWS), a global leader in Infrastructure as a Service (IaaS). Amazon take physical and network security seriously. Their data centres are housed in nondescript facilities. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff, video surveillance, intrusion detection systems, and other electronic means. Access to their data centre floors requires two-factor authentication a minimum of two times.
Amazon maintain multiple certifications for their data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. Their reports can be found on the AWS Compliance website and you can read more about the specifics of their approach at https://aws.amazon.com/security/.
Access control
You have full control over who you invite to your Kudosity account and the permissions they are assigned. While our team may require access to your account to provide technical support, access to sensitive systems is strictly restricted to essential personnel on a need-to-know basis. In rare instances where access to readable data is necessary to address an issue, we will always request your explicit permission in advance.
Internal controls
At Kudosity, safeguarding our systems is integral to our daily operations. We maintain strict internal policies and processes to safeguard company and customer data, protect our assets and infrastructure, and ensure that access to sensitive systems is limited to essential personnel on a need-to-know basis. Our approach is reinforced by strict security compliance aligned with globally recognised security standards and best practices, including ISO 27001 and SOC 2.
Backup and availability
Our systems automatically replicate your data across multiple locations to maximise availability and resilience. We perform daily continuous backups to enable point-in-time restoration capabilities in the unlikely event that data replicas in all locations fail at once. In preparation for our peak trading period (Black Friday), we also conduct an annual manual backup to capture a specific time snapshot, securely stored in cold storage. Our monitoring systems provide real-time alerts for any issues, and Tier 1 support staff are on-call 24/7/365 to promptly respond to any unexpected incidents.
Updates and external review
We update Kudosity most days, and because you access Kudosity via your browser, you’re always on the latest version. We monitor security advisories and other security community output closely. We work promptly to upgrade the service to respond to potential new threats and vulnerabilities as they are discovered. We work with certified independent specialists on a regular basis to undertake systems penetration testing and source code reviews.
Payment card data
Kudosity does not directly process or store credit card information. We ensure all payment systems comply with PCI-DSS requirements when working with payment processors or partners responsible for handling such data.
Concerns or want to contact us?
For concerns that are urgent or sensitive, please email us on our sensitive support channel, compliance@kudosity.com, so that they can be handled promptly by our security team.