Security First
We take the security of your data seriously. Learn about our comprehensive security measures and how we protect your information.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
Hosted on SOC 2 Type II compliant infrastructure with 24/7 monitoring and automated failover.
Role-based access control, multi-factor authentication, and comprehensive audit logging.
GDPR, CCPA, and CAN-SPAM compliant with data processing agreements available.
All employees undergo background checks and security training. Access is granted on least-privilege basis.
DDoS protection, Web Application Firewall, and intrusion detection systems protect all endpoints.
Data Protection
- Encryption at Rest: All customer data is encrypted using AES-256 encryption with keys managed through AWS KMS.
- Encryption in Transit: All connections use TLS 1.3 with strong cipher suites. HSTS is enforced on all domains.
- Database Security: Databases are isolated per customer with network-level access controls and automated backups.
- Data Residency: Enterprise customers can choose their data region (US, EU, or other available regions).
Application Security
- Authentication: Powered by Clerk with support for SSO, MFA, and social login. Session tokens are short-lived and rotated automatically.
- Authorization: Role-based access control (RBAC) with granular permissions. Organization-level isolation prevents cross-tenant access.
- Input Validation: All inputs are validated and sanitized. API endpoints use strict schema validation with Zod.
- Dependency Security: Automated vulnerability scanning with Dependabot. Critical updates are deployed within 24 hours.
Infrastructure Security
- Cloud Security: Hosted on AWS with VPC isolation, security groups, and network ACLs. All instances are hardened per CIS benchmarks.
- DDoS Protection: Multi-layer DDoS protection through AWS Shield and Cloudflare.
- Monitoring: 24/7 monitoring with automated alerting. Intrusion detection systems monitor for suspicious activity.
- Backups: Automated daily backups with 7-day retention. Backups are encrypted and stored in separate regions.
Sub-processors
We use the following third-party service providers to deliver Kling Cloud. All sub-processors are bound by data processing agreements.
| Provider | Purpose | Location |
|---|---|---|
| DigitalOcean | Cloud infrastructure and hosting | USA / EU / Global |
| Vercel | Website hosting and CDN | Global |
| MongoDB Atlas | Database hosting | USA / EU |
| Clerk | Authentication and identity | USA |
| Polar | Billing and subscriptions | USA / EU |
| Resend | Email delivery | USA |
| Twilio | SMS and WhatsApp messaging | USA / Global |
Incident Response
We maintain a comprehensive incident response plan and will notify affected customers within 72 hours of discovering a security incident that affects their data.
To report a security vulnerability, please email security@kling.to. We operate a responsible disclosure program and will acknowledge reports within 24 hours.
Questions?
For security-related inquiries or to request our SOC 2 report, contact us.