We keep Kakbima safe, secure, and free of spam and abuse so that this can be the platform where insurance producers, intermediaries and policyholders come together.
We do this through significant investments in platform security, incident response, and anti-abuse.
Launch new products within the Kakbima platform: Stay ahead of security issues, leverage the security our platform provides, and enhance access to insurance securely.
We help our customers’ security and risk teams feel confident in their decisions to encourage intermediary policyholder collaboration on Kakbima. We recognize that security is a shared responsibility with our customers. We are proud to partner with your security, risk, and procurement teams to provide the information needed for risk assessments and true understanding of our security and compliance posture.
We embody the shift toward investments in safe and secure software design practices with our world-class security engineering program. We embed security expertise and capabilities into every phase of our Software Development Lifecycle.
Once our product is out the door, our security testing doesn’t stop. In addition to our internal Red Team, we leverage the collective expertise of the security research community to provide ongoing and broadly-scoped review.
Kakbima is committed to user privacy and provides a high standard of privacy protection to all our customers. We apply stringent individual privacy protections to all Kakbima users worldwide, regardless of their country of origin or location.
Kakbima data centers are hosted on AWS and Digital Ocean platforms, which encrypts all data at rest by default in accordance with the HIPAA Title II Privacy Rule. We can also provide a completely on-premise version of Kakbima to our Enterprise customers to enable more flexibility in achieving HIPAA compliance.
Our hosting providers, Digital Ocean and AWS, are compliant with the ISO 27001, ISO 27017, and ISO 27018 standards. Digital Oceans’ and AWS’s ISO 27001 covers their shared common infrastructure. The ISO 27017 certification covers cloud security specifically for cloud service providers. ISO 27018 governs protection of personally identifiable information in public cloud services.
Kakbima collects, processes, stores, and uses personal data in compliance with the requirements of the California Consumer Privacy Act (CCPA). We never share or “sell” personal data for non-Kakbima purposes under the CCPA.
Kakbima collects, processes, stores, and uses personal data of EU data subjects in compliance with the requirements of the EU General Data Protection Regulation (EU GDPR). Kakbima provides our users with the ability to access and control the information Kakbima collects and processes about them.
Kakbima’s payment and credit card information is handled by Manilen, which is a certified PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. Kakbima does not typically receive credit card data, making it compliant with PCI DSS in most situations. Our libraries also have configurable client-side data scrubbing which allows you to block credit card data.
Kakbima data centers are compliant with SOC 1, SOC 2, and SOC 3 certifications. SOC provides certification for the internal security controls at third party IT service providers. Our hosting providers, Digital Ocean and AWS, have achieved SOC 3 certification, in which the controls were evaluated by an independent third party for a period of one (1) year.
Interested in joining the Security team here at Kakbima? All open roles are listed under the Security section via our careers page.