Security

This page describes the security practices Kaishu AI applies to customer data. It is maintained by Kaishu AI and is not an independent certification.

Encryption

• Data in transit is encrypted using TLS 1.2 or higher.
• Data at rest is encrypted by our hosting and database providers using industry-standard algorithms.

Access controls

• Access to production systems is limited to authorised personnel on a least-privilege basis.
• Administrative access requires multi-factor authentication.
• Access reviews are performed periodically.

Hosting and subprocessors

We use reputable cloud providers to host our services and third-party AI model providers to power our agents. Where available, we use enterprise or zero-retention endpoints and instruct AI providers not to train their models on customer data. A current list of subprocessors is available on request.

Retention and deletion

Customer data is retained according to the terms agreed with each customer and deleted on request, subject to any legal hold. See our Privacy Policy.

Incident response

We monitor our services for security events and will notify affected customers of any confirmed personal-data breach without undue delay, in line with UK GDPR.

Reporting a vulnerability

If you believe you have found a security issue, please email hello@kaishu.ai with details. Please do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate.

Data Processing Agreement

A Data Processing Agreement is available on request.