Your data is protected
at every layer.
Kanrix is built for operations teams handling sensitive strategy and financial KPI data. Here is exactly how we protect it.
Data Protection
All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Encryption keys are managed per-tenant and rotated on a scheduled basis.
- TLS 1.2+ for all API and web traffic
- AES-256 encryption for data at rest
- Per-tenant key management — one customer's keys never touch another's data
- Backups encrypted using the same key material as primary storage
GDPR-Aligned Data Handling
Kanrix follows GDPR-aligned data handling practices and does not store or process personal data.
- Right to erasure — customer data is deleted on request
- On account closure, customer data is deleted within 30 days
- We do not sell or share personal data with third parties for advertising
- Data export available in standard formats (Excel and CSV)
Infrastructure
Kanrix is hosted on enterprise-grade cloud infrastructure with high availability and automated failover.
- Isolated cloud infrastructure — dedicated compute and storage per environment
- Automated daily backups with 30-day retention
- 99.9% uptime SLA with status page at status.kanrix.com
- Penetration testing conducted annually by an independent third party
- Vulnerability scanning on all dependencies as part of the CI pipeline
Access & Authentication
Granular role-based access control ensures each user sees only what they are permitted to see. MFA is currently supported via email OTP only.
- Role-based access control (RBAC) — viewer, editor, manager, admin roles
- Multi-factor authentication (MFA) — email OTP only
- SSO via SAML 2.0 and OAuth 2.0 (Enterprise plan)
- Session timeouts configurable per organisation policy
- All login events and permission changes logged for audit purposes
Data Ownership
You own your data. Kanrix processes it to deliver the service — nothing more.
- Customer data is never used to train machine learning models
- Full data export available at any time — no lock-in
- On account closure, all data is purged from production systems within 30 days
- Subprocessor details available on request
Questions about security?
Our team is happy to walk enterprise customers through our security posture and share our current data handling practices in detail.