Security

Kincura is built with the sensitivity of your information in mind.

Access

Your data is only visible to you and the people you invite.

Your information is private and never shared or sold

Information about your loved ones is encrypted and never shared with or sold to third parties.

Your account is protected against unauthorized access

Repeated failed login attempts automatically lock the account. You can add a second layer of protection by enabling two-factor authentication from your account settings.

Encryption

Your data is encrypted — at rest and in transit.

Stored data is encrypted

Every document and record is encrypted before it is written to storage, using AES-256-GCM — the same standard used by banks and government agencies.

Data in transit is encrypted

All communication between your browser and Kincura is encrypted. Unencrypted connections are not permitted.

Your data

Your data belongs to you.

Your data is never used to train AI

Kincura does not use your documents, health information, or personal data to train artificial intelligence models — now or in the future.

You can delete everything at any time

Deleting your account permanently removes all of your records, documents, and personal information. This can be initiated from your account settings at any time.

Your Data Rights

You have the right to access, correct, and delete your data. See our Privacy Policy for full details.

Infrastructure

Hosted on infrastructure that has been independently audited.

SOC 2 Type II certified architecture

The infrastructure Kincura runs on holds a SOC 2 Type II certification — an independent audit that verifies security controls are in place and operating as intended. This is not a self-assessment.

Attack protection

The infrastructure includes protections against common network-level attacks, with automatic TLS certificate management to ensure encryption remains in place.

Files are never publicly accessible

Uploaded files are stored in private, isolated storage. Accessing a file requires account authentication.

Common questions

Who can see my care recipient data?

Only you and the people you explicitly invite. You control what each person can access — within a section or down to a specific subsection, such as the medication schedule or estate documents only. Each collaborator is set as a viewer or editor, and you can revoke their access at any time. Collaborator access expires after one year and requires your renewal.

What happens if I delete my account?

Deleting your account permanently removes all of your data — records, documents, and account information. This action cannot be undone.

What are my data rights?

You have the right to access, correct, and delete your data. You can request a copy of your data at any time by emailing info@kincura.com — we fulfill requests within 30 days. You can initiate deletion of your account and associated data directly from your account settings.

How do I set up two-factor authentication?

Go to Settings → Security and select "Enable two-factor authentication." You will be prompted to scan a QR code using an authenticator app on your phone. Google Authenticator, Authy, and Apple's built-in Passwords app all work. Once set up, you will be asked for a six-digit code from the app each time you log in.

How do you handle security vulnerabilities?

If you discover a security issue, please contact us at support@kincura.com. We take all reports seriously and respond promptly.

Have a security question or want to report a concern?

Get in touch