Security & Data Protection
How we keep your business data safe and secure.
Our data infrastructure provides:
Encrypted storage
“Your data is encrypted at rest automatically — it’s unreadable to anyone who shouldn’t see it.”
Encrypted transfer
“Information is encrypted in transit, so data stays protected while moving between your device and our platform.”
Backups and data durability
“Your data is automatically backed up and stored redundantly, so it isn’t lost if hardware fails.”
High availability
“AWS is designed to stay online, even when individual servers fail behind the scenes.”
Industry-standard infrastructure
“We rely on the same cloud infrastructure used by banks, healthcare platforms, and enterprise-level companies.”
How We Protect Your Data
At Kimshi, we take data security seriously. We implement industry-standard practices to protect your business information—bookings, client details, and staff records. This page outlines our core security measures.
Hosting & Infrastructure
Kimshi is hosted on Amazon Web Services (AWS), a trusted cloud provider used by millions of organizations worldwide. Our applications are placed behind AWS Application Load Balancers (ALBs), which provide load balancing, SSL/TLS termination, and DDoS protection. AWS provides built-in security features including network isolation, secure data centers, and comprehensive monitoring.
Authentication & Authorization
Authentication uses Cognito SSO with ALB OIDC headers in production, backed by cookie-based fallback for development. Middleware gates protected routes (/admin/*, /api/*) with ID token verification via JWKS. We implement comprehensive role-based access control (RBAC) with granular module and action permissions. User context is securely resolved server-side and mapped to tenant and staff context, with full traceability through Sentry tagging.
Transport Security & Headers
HSTS is enabled in production with a 2-year max-age and preload flag to enforce HTTPS. TLS is enforced at the ALB perimeter. Security headers include X-Frame-Options (DENY), X-Content-Type-Options (nosniff), Referrer-Policy (no-referrer), and Permissions-Policy restrictions. Content Security Policy (CSP) is configured to disallow unsafe-eval in production and restrict image and script sources.
Session & Cookie Hardening
Auth cookies are configured with httpOnly, Secure, and SameSite=Lax flags to prevent XSS and CSRF attacks. CSRF protection is enforced in middleware for cross-origin state-changing requests (POST/PUT/PATCH/DELETE), blocking requests unless the origin matches the host.
Encryption at Rest & In Transit
All data in transit uses TLS encryption. Third-party tokens (such as GitHub tokens) are encrypted at rest using AES-256 encryption before storage. Encryption keys are managed as 32-byte (256-bit) environment variables and are never committed to version control. Encrypted tokens are decrypted only when needed and only accessible to the authenticated user who owns them.
Session & Token Lifecycle
OIDC tokens from the ALB are cached with PEM verification and 60-second clock skew tolerance. Third-party tokens are stored encrypted and unique per user. Users can revoke GitHub connections at any time, immediately invalidating stored credentials.
Tenant Isolation & Multi-Tenancy
Multi-tenancy is enforced through domain-to-tenant mapping validation in guards. Tenant ID is included in most database queries to ensure users can only access their own organization's data. Cross-tenant data access is prevented at the database query level.
Input Validation & Sanitization
All user input is validated and sanitized. HTML content uses an allowlist to prevent script injection. URLs are validated to only allow http:// and https:// protocols. Text input has control characters removed. Patch operations (html, image, link, text) are validated for type and content.
Secrets Management
Sensitive credentials are managed via AWS Secrets Manager and kept separate from build-time environment variables. Public variables (NEXT_PUBLIC_, VITE_) are stored in AWS Systems Manager Parameter Store. Sensitive key patterns (SECRET, TOKEN, PASSWORD, DATABASE_URL) are automatically flagged and handled securely. Secrets are never committed to version control or included in build artifacts.
API Security & Data Isolation
All API requests validate tenant isolation via org-id headers to prevent cross-organization data access. Sensitive operations require ownership verification. File uploads use time-limited presigned URLs. File sizes are limited to 5MB, and content types are validated.
Health & Monitoring
Health endpoints provide liveness (/api/health) and readiness (/api/ready) checks with database connectivity and latency monitoring. Integration with Sentry provides real-time error tracking and observability, with tenant context tagging for multi-tenant visibility. Low-severity errors are filtered in development to reduce noise and focus on production issues.
Error Handling & Information Disclosure
API responses provide generic error messages to clients to prevent information disclosure. Detailed error logs and stack traces are retained server-side and accessible only to authorized personnel through monitoring tools.
Reporting Security Issues
If you discover a security vulnerability, please report it responsibly to security@kimshiltd.com so we can address it promptly.