Safety

In an increasingly dangerous digital world, Kape’s commitment to privacy demands an equally strong commitment to security. Here we outline the security policies, practices, hardware, and software that work together to foster a safer digital world for our customers, our employees, and the world at large.

Security at Kape: Four key strategies

Cybersecurity across Kape’s digital privacy brands depends on a rigorous adherence to a set of principles that we call our four key strategies:

Make systems difficult to compromise

Make systems difficult to compromise

This is our first line of defense. No software is delivered without passing through our in-house build verification system and code review. Private keys for authenticating everything from Git commits to SSH are stored on hardware security devices to prevent theft by malware. Rapid patching keeps production machines up-to-date.

Minimize potential damage

Minimize potential damage

Even if a dedicated attack managed to compromise one of our systems, our second key strategy ensures its impact would be minimal. Our RAM-only server technology means no user data can persist after reboot. Our password manager’s zero-knowledge encryption makes it impossible for anyone—even Kape employees—to decrypt private login details. Our workstations follow the principle of least privilege to ensure employees only have access to the systems necessary for their roles, and no more.

Minimize time of compromise

Minimize time of compromise

Our third key strategy further hinders the success of any attack by minimizing how long it can last. Any anomalous activity in our internal infrastructure will instantly alert our 24/7 on-call security teams. Many of our systems are automatically rebuilt completely from scratch at least several times per week—often daily—which prevents any malicious code from persisting.

Validate security controls

Validate security controls

Because proof is better than trust, our fourth principle necessitates that we validate these security protocols at regular intervals and publish the results. Internally, we perform penetration tests to identify vulnerabilities. Externally, we invite independent auditors to assess the accuracy of our claims.

Security at Kape: By brand

Kape brands operate under the same defining principles while offering a diverse range of security solutions for our customers. Here are the products that help Kape customers live safer digital lives, as well as the security policies and practices that protect them:

Follow us

Keep up with all Kape’s exciting new
developments by following us on social media.