Welcome to Fort Kayako
We are fanatical about protecting your data. Multiple layers of enterprise-class security protect our product, platform, and processes. It’s why thousands of organizations, from entrepreneurs to Fortune 100 businesses, trust Kayako.
Product Security features
We’ve thought hard about how to make working with Kayako simple but secure.
Authenticate agents and customers against your own systems or third-party apps.
Kayako supports 2FA (for both your team and your customers) to add an extra layer of protection to user accounts.
Secure credential storage
We follow best practices by irreversibly hashing user passwords and never storing them in plain text.
API security and authentication
The Kayako API is restricted to authorized users based on username and password or username and API tokens.
Role-based access restrictions
You can configure multiple roles, access rights and restrictions for your team in Kayako.
IP and network restrictions
Your Kayako agent area can be configured to only allow access from specific IP address ranges.
To help prevent spoofing and maximize deliverability, we support both DKIM and SPF authorization for outbound emails from Kayako.
Kayako’s built-in filtering service prevents unwanted spam from creating a Case or being published on your Help Center.
With Kayako, you can define custom password and security policies to match those of your organization.
We set ourselves rigorous, exacting standards for platform security. And we exceed them. Your data is secure with us.
All data between your users and Kayako are encrypted using industry-standard HTTPS and Transport Layer Security (TLS).
Responsible disclosure policy
We operate a public, transparent responsible disclosure policy which encourages cooperation with whitehat hackers and penetration testers.
Industry-leading infrastructure is in place to protect against and mitigate the impact of denial of service attacks.
Disaster recovery and backup
Our redundancy architecture eliminates a single point of failure. Combined with comprehensive backups, we ensure customer data is replicated and available across production systems.
We physically and logically keep testing and staging environments separate from production environments. No customer data is used during development or testing.
Architecture and trust zones
We have zoned our platform architecture into areas of trust, and only the minimal amount of infrastructure is exposed directly to the public Internet. For example, components such as databases are hosted on a private network.
Redundant power supplies, each with UPS and backup generators and automatic failover. State of the art fire suppression, with all data center areas protected by either wet-pipe, doubleinterlocked pre-action, or gaseous sprinkler systems.
Our main data center provider requires background checks, as permitted by law, as part of pre- employment screening practices for employees and commensurate with the employee’s position and level of access.
Core Kayako infrastructure is hosted at SSAE-16 (SOC 1, SOC 2, SOC 3), PCI DSS, ISO 27001, ISO 27017, ISO 27018 and Cloud Security Alliance compliant data facilities.
Security starts at home
We’ve put together some best practices that your team can follow to maximize the security of your Kayako and handle your customer’s data safely.