Trust Center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Overview

Introduction from our CTO

If you are reading this document, then you are serious about security. So am I.

I recognise that Kombo has both a legal and moral responsibility to ensure that we comply with data protection legislation and industry standards. Our company value is “do the right thing for the customer” and that means not just ticking boxes to ensure your data is safe, but questioning everything we do with the intent of making it safer.

It’s not just the right thing to do; it’s good business sense. We survive by ensuring your data is safe. We thrive by constantly looking for ways to make it even safer.

It’s my intent that all common security questions should be answered here. If you have any further questions, please don't hesitate to get in touch with me personally at arne@kombo.dev.

Many thanks,

Arne Gebert

Chief Technology Officer, Kombo

Compliance

GDPR Logo
GDPR
ISO 27001 Logo
ISO 27001
SOC 2 Logo
SOC 2
Start your security review
View & download sensitive information
Ask for information

Documents

Pentest Report
ISO 27001
SOC 2
Data Processing Agreement
Acceptable Use Policy
Access Control Policy
Asset Management Policy
Backup Policy
Business Continuity Policy
Data Classification Policy
Encryption Policy
General Incident Response Policy
Information Security Policy
Internal and External Communication Policy
Physical Security
Risk Management Policy
Software Development Lifecycle
Data Flow Chart

Risk Profile

Data Access LevelRestricted
Impact LevelSubstantial
Recovery Time Objective24-48 hours
View more

Reports

Pentest Report

Data Security

Backups Enabled
Data Erasure
Encryption-at-rest
View more

App Security

Responsible Disclosure
Credential Management
Vulnerability & Patch Management

Legal

SubprocessorsGoogle Cloud-company-logoMicrosoft-company-logo
Data Processing Agreement
Master Services Agreement
View more

Access Control

Data Access
Logging
Password Security

Infrastructure

Status Monitoring
Google Cloud Platform
Separate Production Environment

Corporate Security

Asset Management Practices
Employee Training
HR Security
View more

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
View more

If you think you may have discovered a vulnerability, please send us a note.

Report Issue
Powered bySafeBase Logo