Security
Kincura is built to hold some of the most sensitive information a family has.
Your data is only visible to you and the people you invite.
Kincura staff cannot access your records
The system is designed so that Kincura employees have no access to your personal data, documents, or care information.
Your account is protected against unauthorized access
Repeated failed login attempts automatically lock the account. You can add a second layer of protection by enabling two-factor authentication from your account settings.
Your data is encrypted — at rest and in transit.
Stored data is encrypted
Every document and record is encrypted before it is written to storage, using AES-256-GCM — the same standard used by banks and government agencies.
Data in transit is encrypted
All communication between your browser and Kincura is encrypted. Unencrypted connections are not permitted.
Your data belongs to you. We do not use it for anything else.
Your data is never used to train AI
Kincura does not use your documents, health information, or personal data to train artificial intelligence models — now or in the future. Your data exists solely to provide you with the service.
Your data is never sold or shared
Kincura does not sell your personal information or share it with advertisers.
You can delete everything at any time
Deleting your account permanently removes all of your records, documents, and personal information. This can be initiated from your account settings at any time.
GDPR and CCPA compliant
You have the right to access, correct, and delete your data at any time. California residents have additional rights under CCPA. See our Privacy Policy for full details.
Hosted on infrastructure that has been independently audited.
SOC 2 Type II certified
The infrastructure Kincura runs on holds a SOC 2 Type II certification — an independent audit that verifies security controls are in place and operating as intended. This is not a self-assessment.
Attack protection
The infrastructure includes protections against common network-level attacks, with automatic TLS certificate management to keep connections secure.
Files are never publicly accessible
Uploaded files are stored in private, isolated storage. Accessing a file always requires authentication.
Who can see my data?
Only you — and any family members or caregivers you explicitly invite. Kincura staff cannot access your records. Data isolation is enforced at the database level.
Is my data sold or shared?
No. Your data is never sold, shared, or used for advertising. It exists solely to provide you with the Kincura service.
What happens if I delete my account?
Deleting your account permanently removes all of your data — records, documents, and account information. This action cannot be undone.
Are you GDPR compliant?
Yes. You can request a copy of your data at any time by emailing info@kincura.com — we fulfill all requests within 30 days. You can initiate deletion of your account and all associated data directly from your account settings.
How do I set up two-factor authentication?
Go to Settings → Security and select "Enable two-factor authentication." You will be prompted to scan a QR code using an authenticator app on your phone. Google Authenticator, Authy, and Apple's built-in Passwords app all work. Once set up, you will be asked for a six-digit code from the app each time you log in.
How do you handle security vulnerabilities?
If you discover a security issue, please contact us at support@kincura.com. We take all reports seriously and respond promptly.
Have a security question or want to report a concern?
Get in touch