Our commitment to security
At KiraHelp, we take the security of your property data seriously. We employ industry-standard security practices and continuously monitor our systems to protect your information from unauthorized access, disclosure, alteration, or destruction.
Infrastructure security
- Cloud hosting: KiraHelp is hosted on Vercel's secure infrastructure with automatic scaling and DDoS protection
- Database: All data is stored in Supabase (PostgreSQL) with encryption at rest and in transit
- UK data residency: All data is stored within the United Kingdom to comply with UK GDPR requirements
- Backup and recovery: Automated daily backups with point-in-time recovery capabilities
Data encryption
- In transit: All data transmitted between your browser and our servers uses TLS 1.3 encryption
- At rest: All database records and file storage are encrypted using AES-256 encryption
- Authentication: Passwords are hashed using bcrypt with strong salting
- Session management: Secure, HTTP-only cookies with strict same-site policies
Access controls
- Role-based access: Users only see data they are authorized to access (landlords, tenants, maintenance, team members)
- Row-level security: Database-level policies ensure data isolation between properties and users
- Audit trails: All property maintenance actions are logged with timestamps and user information, and these logs are retained for 6 years
- Multi-factor authentication: Available for landlord and admin accounts (coming soon)
AI security
Kira, our AI assistant, processes issue descriptions and photos to provide intelligent triage and guidance. All AI processing is conducted by Anthropic (Claude), a trusted AI provider with strong security and privacy commitments:
- Issue data is transmitted securely over encrypted connections
- Anthropic does not train their models on your data
- AI processing complies with UK GDPR requirements
- Human oversight is maintained for critical decisions
Compliance
- UK GDPR: Full compliance with UK General Data Protection Regulation
- Data Protection Act 2018: Compliance with UK data protection law
- Landlord legal requirements: 6-year retention of property maintenance records as required by UK law
- Regular audits: Periodic security reviews and vulnerability assessments
Incident response
In the unlikely event of a security incident, we have procedures in place to:
- Detect and respond to security threats promptly
- Notify affected users within 72 hours as required by UK GDPR
- Report incidents to the Information Commissioner's Office (ICO) where required
- Implement corrective measures to prevent recurrence
Your security responsibilities
While we work hard to protect your data, security is a shared responsibility:
- Use a strong, unique password for your KiraHelp account
- Never share your login credentials with anyone
- Log out of shared devices after using KiraHelp
- Report any suspicious activity to security@kirahelp.com
Responsible disclosure
If you discover a security vulnerability in KiraHelp, we appreciate your responsible disclosure. Please report security issues to security@kirahelp.com rather than posting publicly. We will acknowledge your report within 48 hours and work with you to resolve the issue.