Security
How we protect your data
Infrastructure
Application deployed on Vercel's edge network with global CDN distribution for high availability and disaster recovery.
All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.3.
Automated daily backups with 30-day retention and point-in-time recovery capabilities.
Vercel DDoS protection, Row-Level Security (RLS) on all database tables, and API rate limiting to prevent attacks and unauthorized access.
Access Controls
Authentication via Supabase Auth with TOTP-based two-factor authentication (2FA/MFA) for enterprise customers.
Role-Based Access Control (RBAC) with granular permissions for team members.
Two-Factor Authentication (2FA) available for all accounts with support for authenticator apps and SMS.
Activity logging and usage tracking built into the platform for compliance requirements.
Compliance
Security best practices followed, with plans for industry security standards certification as we scale.
GDPR compliant with full data processing agreements available for EU customers.
CCPA compliant with transparent data handling practices and opt-out mechanisms.
Data Handling
Competitive intelligence data is collected only from publicly available sources.
Your data is logically isolated from other customers with strict tenant boundaries.
Data deletion requests are processed within 30 days in accordance with our data deletion policy.
Vulnerability Reporting
We take security seriously and appreciate responsible disclosure. If you discover a security vulnerability, please report it to us so we can address it promptly.
Email security issues directly to: security@kompense.com
We aim to acknowledge all reports within 24 hours and provide a detailed response within 72 hours. We will not take legal action against researchers who follow responsible disclosure practices.