KriyosKriyos
Legal

Security

How we protect the record.

Last updated: June 18, 2026

Tenant isolation

Every query is scoped to a single tenant at the database layer, via Postgres row-level security. There is no code path that can accidentally serve another tenant’s data.

Encryption

Everything is encrypted in transit (TLS 1.3) and at rest (AES-256). Key rotation is automatic via AWS KMS.

Authentication

Passwordless via magic link by default; SSO (SAML / OIDC) available for qualifying workspaces. Session rotation on every auth-state change.

Backups

Hourly point-in-time snapshots, retained for 30 days. Quarterly restore drills documented in the engineering runbook.

Questions? Write to support@kriyos.co. Real human, real answer.