Security
Last updated: March 9, 2026
We design Kelantro with layered security controls to protect account and workspace data.
Encryption in Transit
Application traffic is served over HTTPS/TLS to protect data in transit.
Credential Protection
Password-based credentials are stored as secure hashes. Plain-text passwords are not stored.
Data Storage Controls
Access to production data is restricted and monitored, with operational backup and recovery procedures.
Session and Access Controls
Authentication, session expiry, and anti-CSRF controls are used to reduce account takeover risk.
Abuse and Limit Enforcement
Rate limiting, usage controls, and suppression workflows are used to help prevent abuse.
Third-Party Integrations
Billing, email, and AI integrations are handled through vetted providers with contractual safeguards.
Security Practices
- Dependency and vulnerability management processes
- Input validation and defensive API design
- Database query safety through ORM and parameterized access patterns
- Secure coding practices for common web risks
- Environment-based secret management
- Operational logging for incident investigation
- Controlled access to administrative functions
Incident Response and Reporting
We maintain incident response procedures for detection, containment, remediation, and post-incident review. Where required by law or contract, we notify affected customers of confirmed incidents within applicable timelines.
Shared Responsibility
We secure the platform infrastructure and core service controls. You are responsible for secure account access, data uploaded to your workspace, recipient compliance, and appropriate use of connected mailboxes.
Report a Vulnerability
If you discover a potential security issue, report it to support@kelantro.com with reproduction details. Please avoid public disclosure until we investigate.