
Legal documentation

Security

A practical overview of the security and operational controls Kanvly uses to protect accounts, workspaces, and production infrastructure.

Last updated: June 4, 2026

1. Infrastructure

Kanvly production currently runs on self-managed infrastructure hosted with Hetzner Online GmbH in Germany. PostgreSQL and Redis are self-hosted on the same controlled server environment. User uploads such as avatars, note images, and card attachments are stored on Kanvly-controlled infrastructure unless a workspace or deployment configures compatible object storage.

2. Identity and access

  • Password authentication with server-side password hashing.
  • Secure, HTTP-only session cookies with production secure-cookie behavior.
  • Optional Google, GitHub, and OIDC/SSO authentication when configured.
  • Workspace roles for owners, admins, members, and guests.
  • Workspace, private, and public visibility states for supported content.
  • Account deletion and account data export controls in product settings.

3. Application controls

| Area | Controls |
| --- | --- |
| Authentication | Rate limits for sign-in, signup verification, password reset, OAuth state, and session handling. |
| Workspace data | Application-layer role checks, visibility settings, member controls, and audit-friendly workspace events. |
| Uploads | Size limits, image/content-type validation, magic-byte checks for supported image uploads, image optimization where applicable, attachment limits, and authorization checks before serving private note images or card files. |
| Public forms | Public intake form validation and rate limits to reduce abuse. |
| Lead import | File type, file size, row, column, and rate limits for CSV, TSV, TXT, and JSON imports. |
| Billing | Stripe-hosted checkout and billing portal for web subscriptions, App Store transaction verification for iOS subscriptions, webhook signature checks where configured, and no storage of full card numbers by Kanvly. |
| AI | Plan limits, member/IP rate limits, concurrent stream controls, and workspace AI settings. |

4. Data protection

Kanvly uses HTTPS/TLS for production traffic, limited access to production systems, operational backups, audit events for important changes, and structured deletion/export controls. Billing card details are handled by Stripe. Transactional email is delivered through Amazon SES.

5. Monitoring and operational readiness

  • Health endpoint for production readiness checks.
  • Background job worker for retryable operational tasks.
  • Rate limit storage backed by Redis when configured, with SQLite fallback for smaller deployments.
  • PostgreSQL backups before production deploys and migration checks.
  • PM2-managed Kanvly web and job processes.
  • Nginx configuration validation during deployment.

6. Incident response

If we confirm a security incident affecting personal data, we will investigate, mitigate, document, and notify affected customers or users as required by applicable law and customer agreements. We may rotate credentials, disable risky functionality, revoke sessions, or temporarily suspend access when needed to protect the service.

7. Responsible disclosure

Security researchers may report vulnerabilities through the Vulnerability Disclosure Policy. Please do not access, modify, delete, exfiltrate, or disrupt data that does not belong to you.

8. Current limitations

Kanvly does not currently advertise SOC 2, ISO 27001, HIPAA, PCI DSS service-provider coverage, or a public bug bounty. Enterprise customers that need additional review, contractual controls, or deployment-specific security terms can contact Kanvly support.