Security
Your data is yours.
We keep it that way.
With Kind Folk is built on secure, compliant infrastructure. Your employee data and impact records are private, encrypted, and never shared with third parties.
GDPR compliant
With Kind Folk is fully compliant with the UK GDPR and EU GDPR. We process data only as required to provide our service, and we maintain clear data processing agreements for all customers.
Encryption in transit and at rest
All data is encrypted using TLS 1.2+ in transit and AES-256 at rest. Your employee records, participation data, and impact reports are protected at every layer.
Secure infrastructure
We run on Supabase (PostgreSQL) with row-level security. Every data request is scoped to the authenticated user's organisation — cross-org data access is architecturally impossible.
No data selling
We never sell, share, or license your data to third parties. Your employee records and impact data are used only to provide the With Kind Folk service to you.
Data portability
You can export all your data at any time in CSV format. If you cancel your subscription, you have 30 days to export before we permanently delete your data.
Regular backups
Your data is backed up daily. In the event of any system failure, we can restore your full dataset. We maintain 30 days of rolling backup history.
Data processing and access
Multi-tenancy isolation: Every organisation’s data is isolated using an org_id column on every database table. Row-level security policies in Supabase enforce this at the database layer — it is architecturally impossible for one organisation’s users to access another’s data.
Role-based access control: Within an organisation, users only see data appropriate to their role (Admin, Manager, Employee). Sensitive settings and analytics are restricted to Admin users.
Authentication: We use Supabase Auth with secure session management. Passwords are hashed using bcrypt. We support SSO/SAML for Enterprise customers.
Security questions: If you have specific security or compliance requirements, email us at security@withkindfolk.com. We’ll provide a full data processing agreement, security questionnaire responses, and any other documentation you need.