Overview of security and privacy protocols, controls, and commitments at Kinesis Cloud, including infrastructure, network, data, compliance, and transparency.
At Kinesis Cloud, we take the security and privacy of our customers' workloads very seriously. Our platform is designed to protect containerized applications across datacenters, clouds, and customer-owned infrastructure.
This document provides an overview of our security posture and the measures we take to protect your data and workloads.
Trusted Datacenter Providers — Compute and network capacity is sourced from providers such as AWS, Google Cloud, OVH, Hyperstack, and similar operators that maintain SOC 2 and ISO/IEC 27001 certifications, with strong physical and operational security controls.
Multi-Datacenter Architecture — Our platform spans multiple facilities and providers, ensuring redundancy and resiliency through geographic diversity and minimizing single-point-of-failure risks.
Customer-Owned Infrastructure — Customers may connect their own machines to the Kinesis Cloud control panel. Physical and local infrastructure security for customer-owned machines remains the customer's responsibility.
Encrypted Connections — All communications use TLS/SSL encryption. Node-to-node and inter-datacenter communication runs over WireGuard VPN tunnels with modern cryptography.
Segmentation & Isolation — Customer workloads remain logically isolated at the network and orchestration layers.
Resilient Gateways — HAProxy and Nginx provide TLS termination, traffic management, and high-availability load balancing.
Container Runtime — Workloads run on Docker, hardened with additional controls and monitoring.
Host Hardening & Updates — Standardized on Ubuntu LTS with hardened configurations and strict patching processes, ensuring nodes receive the latest security fixes.
Automatic Failover — Server or datacenter disruption triggers automatic workload rescheduling to healthy environments.
Customer Images — Customers control container content. Best practices are encouraged, including signed images, vulnerability scanning, and minimal base layers.
Backend Stack — The control plane and services are built with C# and Go, selected for performance, reliability, and maintainability.
Database Security — MongoDB Atlas provides a fully managed service with recommended release levels, automated patching, built-in encryption, and backups.
Encryption at Rest & in Transit — All sensitive data is encrypted at rest and protected in transit with TLS.
Customer Data Ownership — Customers retain full ownership of their images, data, and workloads. Kinesis Cloud does not access application data except when explicitly required for support.
Minimal Metadata Collection — Only telemetry necessary for platform operation and improvement is collected. Logs and control plane data are retained only as long as necessary.
Privacy by Design — Our architecture minimizes unnecessary exposure of customer information and adheres to industry best practices.
Continuous Monitoring — Systems continuously track cluster health, network integrity, and anomalies.
Incident Response — A documented incident response process ensures rapid isolation, remediation, and transparent communication.
Proactive Patching — All critical components (Ubuntu, WireGuard, HAProxy, Nginx, Docker, MongoDB Atlas) are patched promptly and systematically.
Experienced Team — Leadership includes industry veterans from AWS, Microsoft, Meta, Mozilla, and IBM. Many bring direct security expertise, shaping policies and practices from inception.
Culture of Security — Security is integrated into the development lifecycle and operational playbooks rather than being an afterthought.
Security in the cloud is a shared responsibility:
Kinesis Cloud — Secures the orchestration system, control plane, networking fabric, and provided infrastructure.
Customers — Secure their images, application code, secrets, and any infrastructure they connect to the control plane.
While we are actively pursuing formal certifications, our controls align with globally recognized standards:
ISO/IEC 27001 (Information Security Management)
SOC 2 (Trust Services Criteria)
CSA STAR (Cloud Security Alliance) best practices
Additional documentation is available to support customer audits and due diligence.
Security depends on trust and openness. Our commitment includes:
Publishing clear documentation of our controls
Engaging directly with customers during security reviews
Continuously improving our posture as threats evolve