At KinWise, we take the security of your financial information seriously. This page outlines the measures we use to protect your data and maintain the integrity of our services.
1. Data Encryption
In Transit
All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher, so it cannot be read or tampered with while in transit.
At Rest
Your data is encrypted at rest using AES‑256, with the encryption keys managed by AWS Key Management Service (KMS). Database backups are encrypted to the same standard.
2. Secure Hosting
KinWise is hosted on Amazon Web Services (AWS) in the Asia Pacific (Auckland) region. AWS provides:
- Physical security at world-class data centres
- SOC 1, SOC 2, and SOC 3 compliance
- ISO 27001 certification
- Network isolation and DDoS protection
By hosting in New Zealand, we aim to keep your data within Aotearoa and subject to New Zealand law, where operationally possible.
3. Access Controls
Staff Access
- Least‑privilege access: staff can access only the systems their role requires
- Multi‑factor authentication required for all administrative access
- Regular access reviews and prompt revocation when staff leave
- All access logged and auditable
User Security
- Secure password requirements enforced
- Two-factor authentication (2FA) available for user accounts
- Automatic session timeout after 10 minutes of inactivity
- Account lockout protection against brute-force attacks
4. Application Security
- CSRF protection for all forms
- Content Security Policy configured to reduce XSS risk
- Input validation and sanitisation across the application
- Security-related HTTP response headers set to reduce the risk of common browser-side attacks
- Regular automated scanning for vulnerable dependencies
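One way to verify the header and cookie hardening listed above is to run a response's headers through a baseline check. The following is an added example, not KinWise's own code; the baseline it enforces (one-year HSTS, nosniff, clickjacking protection, a CSP whose script sources exclude 'unsafe-inline', and Secure/HttpOnly/SameSite session cookies) and the two sample responses are assumptions constructed for illustration, not captured from any real server.

```python
"""Static check of HTTP response headers against a security baseline.

Added example, not code from KinWise. The baseline values and the sample
responses below are assumptions constructed for illustration.
"""
from __future__ import annotations

ONE_YEAR = 31536000  # seconds; the usual floor for HSTS max-age


def _hsts_max_age(value: str) -> int | None:
    """Return the max-age directive of an HSTS header, or None if absent/invalid."""
    for part in value.split(";"):
        name, _, num = part.strip().partition("=")
        if name.strip().lower() == "max-age" and num.strip().isdigit():
            return int(num.strip())
    return None


def _csp_directives(value: str) -> dict[str, list[str]]:
    """Split a Content-Security-Policy value into {directive: [source tokens]}."""
    directives: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return directives


def check_security_headers(headers: dict[str, str]) -> list[str]:
    """Return a list of findings; an empty list means the baseline is met."""
    # Header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    findings: list[str] = []

    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS: header missing")
    elif (_hsts_max_age(hsts) or 0) < ONE_YEAR:
        findings.append("HSTS: max-age below one year")

    csp = h.get("content-security-policy")
    frame_ancestors = None
    if csp is None:
        findings.append("CSP: header missing")
    else:
        d = _csp_directives(csp)
        # script-src falls back to default-src when not given explicitly.
        script_src = d.get("script-src", d.get("default-src"))
        if script_src is None:
            findings.append("CSP: no script-src or default-src, scripts unrestricted")
        elif "'unsafe-inline'" in script_src:
            findings.append("CSP: 'unsafe-inline' in script sources defeats XSS protection")
        frame_ancestors = d.get("frame-ancestors")

    # Clickjacking: accept either CSP frame-ancestors or X-Frame-Options.
    xfo = h.get("x-frame-options", "").strip().upper()
    if frame_ancestors is None and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("clickjacking: no frame-ancestors or X-Frame-Options")

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing")

    cookie = h.get("set-cookie")
    if cookie is not None:
        # Attributes follow the name=value pair; compare them case-insensitively.
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        for needed in ("secure", "httponly"):
            if needed not in attrs:
                findings.append(f"Set-Cookie: {needed} attribute missing")
        if not any(a.startswith("samesite=") for a in attrs):
            findings.append("Set-Cookie: SameSite attribute missing")
    return findings


# Constructed sample responses (assumptions, not captured from any real server).
WEAK_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Set-Cookie": "session=abc123; Path=/",
}

HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Set-Cookie": "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
}

if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(name, check_security_headers(hdrs) or ["baseline met"])
```

The weak sample produces seven findings (short HSTS lifetime, inline scripts permitted by the CSP, no clickjacking protection, no nosniff, and a session cookie lacking Secure, HttpOnly and SameSite); the hardened sample produces none. The checker is deliberately static: it inspects whatever headers you pass in, so it can be pointed at a captured response without making any network request.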
5. Security Testing
- Regular vulnerability scanning of infrastructure
- Periodic penetration testing by independent security professionals
- Mandatory code reviews before deployment
- Automated security checks within our CI/CD pipeline
6. Monitoring and Incident Response
Monitoring
- 24/7 automated monitoring for security anomalies
- Real‑time alerts for suspicious activity
- Comprehensive audit logging
Incident Response
We maintain documented incident response procedures. If a security incident occurs:
- Immediate containment and investigation
- Initial assessment within 72 hours, consistent with the Privacy Act 2020 requirement to report a notifiable privacy breach to the Privacy Commissioner as soon as practicable (the Commissioner expects this to be no later than 72 hours after we become aware of it)
- Notification to affected users and the Privacy Commissioner where required
- Post‑incident review and security improvements
7. Backups and Recovery
- Automated daily encrypted backups
- 35‑day backup retention with rotation
- Regular disaster recovery testing
- Geographic redundancy within New Zealand where available
8. Payment Security
Where applicable, we use trusted third‑party payment processors for subscription payments. KinWise:
- Does not store full credit card numbers
- Does not process card data directly
- Partners with PCI DSS compliant payment providers
9. Your Role in Security
Security is a shared responsibility. We recommend:
- Using a strong, unique password
- Enabling two‑factor authentication when available
- Keeping devices and browsers up to date
- Being cautious of phishing emails claiming to be from KinWise
- Logging out when using shared devices
- Reporting suspicious activity promptly
10. Reporting Security Issues
If you discover a security vulnerability or have concerns about our services, contact us immediately:
We appreciate responsible disclosure and will respond promptly.
11. Compliance
KinWise operates in accordance with:
- New Zealand Privacy Act 2020
- The 13 Information Privacy Principles (IPPs) set out in that Act, which govern how personal information is collected, stored, used and disclosed
We regularly review our security practices to address evolving risks and regulatory expectations.
KinWise Limited · NZBN: 9429053340344 · Email: support@kinwise.co.nz · Tagline: Innovate For Good