Welcome to Fort Kayako

We are fanatical about protecting your data. Multiple layers of enterprise-class security protect our product, platform, and processes. It’s why thousands of organizations, from entrepreneurs to Fortune 100 businesses, trust Kayako.


Product security features

We’ve thought hard about how to make working with Kayako simple but secure.

Single sign-in

Authenticate agents and customers against your own systems or third-party apps.

Two-factor authentication

Kayako supports 2FA (for both your team and your customers) to add an extra layer of protection to user accounts.

Secure credential storage

We follow best practices by irreversibly hashing user passwords and never storing them in plain text.

API security and authentication

The Kayako API is restricted to authorized users based on username and password or username and API tokens.

Role-based access restrictions

You can configure multiple roles, access rights and restrictions for your team in Kayako.

IP and network restrictions

Your Kayako agent area can be configured to only allow access from specific IP address ranges.

Email signing

To help prevent spoofing and maximize deliverability, we support both DKIM and SPF authorization for outbound emails from Kayako.

Spam filtering

Kayako’s built-in filtering service prevents unwanted spam from creating a Case or being published on your Help Center.

Password policies

With Kayako, you can define custom password and security policies to match those of your organization.

Platform security

We set ourselves rigorous, exacting standards for platform security. And we exceed them. Your data is secure with us.

SSL encryption

All data between your users and Kayako are encrypted using industry-standard HTTPS and Transport Layer Security (TLS).

Responsible disclosure policy

We operate a public, transparent responsible disclosure policy which encourages cooperation with whitehat hackers and penetration testers.

DDoS mitigation

Industry-leading infrastructure is in place to protect against and mitigate the impact of denial of service attacks.

Disaster recovery and backup

We operate a multi-level backup and disaster recovery strategy. Backups and near real-time snapshots are taken at various intervals and multiple copies are securely stored in different geographical locations.


Our redundancy architecture eliminates a single point of failure. Combined with comprehensive backups, we ensure customer data is replicated and available across production systems.

Separate environments

We physically and logically keep testing and staging environments separate from production environments. No customer data is used during development or testing.

Architecture and trust zones

We have zoned our platform architecture into areas of trust, and only the minimal amount of infrastructure is exposed directly to the public Internet. For example, components such as databases are hosted on a private network.

Physical security


Redundant power supplies, each with UPS and backup generators and automatic failover. State-of-the-art fire suppression, with all data center areas protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.

Background checks

Our main data center provider requires background checks, as permitted by law, as part of pre-employment screening practices for employees and commensurate with the employee’s position and level of access.

Assurance programs

Core Kayako infrastructure is hosted at SSAE-16 (SOC 1, SOC 2, SOC 3), PCI DSS, ISO 27001, ISO 27017, ISO 27018 and Cloud Security Alliance compliant data facilities.


Security starts at home

We’ve put together some best practices that your team can follow to maximize the security of your Kayako and handle your customers’ data safely.
