All our contractors sign confidentiality agreements before gaining access to our codebase and data. We don't do background checks on our contractors but we have a hiring process that has several steps including code challenge review, portfolio analysis and interviews.
Our infrastructure is based on Google Cloud. We don't manage our own servers because we use the Firebase platform (backend as a service). Access to the Firebase dashboard and data is protected by two-factor authentication and all security is handled by the Google Cloud Platform.
We ensure we have high quality code by using unit tests, integration tests and code analysis tools for continuous integration. We also have a staging environment to run manual tests; once we ensure everything is fine, we deploy it to production. We deploy almost every week.
Kululu provides data encryption in transit via 256-bit Secure Socket Layer (SSL) technology and the SHA-256 with RSA Encryption algorithm. Our SSL has a grade A+ on the SSL Labs quality report.
We use Google Cloud Platform to store all our data and it has default encryption at rest using either AES256 or AES128 technology. You can read more about Google Cloud encryption here: https://cloud.google.com/security/encryption-at-rest/.
We use Google reCAPTCHA security service that protects Kululu from spam and abuse. We use it on our login form to block bots.
Our passwords are stored securely by using bcrypt technology provided by Google Cloud.
Payments are provided by Paddle, our third party provider. We don't store any billing information on our servers. Paddle is PCI-Compliant and adheres to the Payment Card Industry Data Security Standard. Once you cancel your subscription, payment information is deleted automatically from Paddle. You can read more about it here: https://paddle.com/taxes-fraud-compliance/.
Kululu is hosted on Firebase, which is part of Google Cloud Platform. Our data is hosted in US Central and EU Central (served according to the client's location). Google Cloud is a very secure platform that has multiple certifications: ISO 27001, ISO 27017, ISO 27018, SOC 1/2/3, PCI DSS and CSA. You can read more about it here: Google Cloud Security, Google Cloud Infrastructure Design, Google Cloud Security Whitepaper, Google Cloud SOC 3 report, Firebase Privacy and Security and Google Cloud Data Center Security Video.
Kululu is hosted on Google Cloud Platform. Google data centers feature a layered security model, including extensive safeguards such as custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors and biometrics.
Kululu does regular backups once per day. All backups are encrypted by default. Backups are deleted 30 days after being created.
We strongly believe that your data belongs to you. You can modify it, export it and delete it whenever you want. You can read more about what data we collect and how we use it in our Privacy Policy.
Kululu uses Firebase services extensively, and it's hosted on Google Cloud Platform, which is a very reliable service and has high availability. You can check Firebase live status here: https://status.firebase.google.com/.
We use Firebase for authentication services and it has a monitor feature to block IPs that are trying to attack us. Firebase limits the number of new Email/Password and Anonymous sign-ups from our application with the same IP address.
Also, Google Cloud Platform’s intrusion detection involves tightly controlling the size and make-up of Google’s attack surface through preventative measures, employing intelligent detection controls at data entry points, and employing technologies that automatically remedy certain dangerous situations.
We protect our backend resources from abuse with App Check. App Check is a tool from Firebase that detects invalid requests and intrusions and utilizes reCAPTCHA v3 technology. You can read more about it here: https://firebase.google.com/docs/app-check.
We also utilize Cloudflare s
Have you noticed any abuse or bugs, or found a security issue on the app? You can report any vulnerabilities to hello@kululu.me. In the event of a security incident, we will contact all customers involved, and work with you throughout.
Kululu keeps daily encrypted backups of data on Firebase. While never expected, in the case of production data loss, we will restore data from these backups.