We released a small update to our privacy policy to bring it into closer contractual compliance with some recent updates to the EU’s data privacy directives. It’s simple to summarize the update: we make it clear that Kin and our customers’ data are hosted inside the United States. We haven’t changed how or where we store data, but due to the changing legal landscape we wanted to notify you of the textual update in our policy.
Your data, our security
A couple of years ago, when we selected our data center provider, we chose them because they were the most proactive, informed company we could find when it came to security and compliance. They remain so today.
In terms of our application security, we’ve always made the security of customer data a top priority. We regularly review and test our security architecture. We employ best-in-class security and encryption standards to store and serve all manner of assets in Kin, from passwords, to files, to sensitive employee information. We’ve even heard from customers that, sometimes, we’re a bit too onerous with our practices. We’ll take that as a sign that we’re doing a good job.
A data center in the EU
We’re planning to open a data center in the EU in the first half of 2016, and as new regulations and resulting agreements between the US and Europe continue to inform our plans, as they did just this week, we’ll keep you informed about any action you may need to take.
You play a part in protecting your data
Despite our best efforts to protect customer data when it’s stored and in transit, data security is a two-way road. If you’re not in the habit of it, please make sure to regularly change your password, make it challenging (mixed case, integers, etc.), and perhaps most importantly, don’t reuse passwords between apps. We strongly recommend using a tool like 1Password to create strong passwords and assist in signing you in securely to all of your web apps.
As an added layer of security, you can also use Google’s 2-factor authentication to ensure you and only you are accessing your accounts. Any Google user can turn this setting on voluntarily, or if you’re using Google for the entire business, it can be enforced at the account administration level as well.