Kubewise

Security Policy

Last Update: March 20th, 2025

1. Introduction

Kubewise is committed to protecting the security and privacy of our users' data. This security policy outlines the measures we take to ensure the confidentiality, integrity, and availability of the data we collect and process.

2. Data Collection and Usage

2.1 Types of Data Collected

  • Personal Data: Name and email address.

  • Company Data: Credit card and billing address. Credit card information is stored securely with Stripe. Credit card information (besides its expiration date and its last 4 digits) does not transit, nor can be accessed by either the Kubewise infrastructure, nor by any Kubewise employees.

  • Cluster Data: Information from Kubernetes clusters regarding applications running on them.

2.2 Data Collection Methods

  • Cluster Data: Collected via the Kubewise agent installed in the user's cluster.

  • User and Company Information: Collected through user prompts in the interface or via Google Single Sign-On (SSO) if the user opts for it.

3. Data Storage

  • Infrastructure: Data is stored in a private cloud infrastructure.

  • Storage: Most collected data is stored in a secured SQL database, as well as in object storage buckets.

4. Data Processing

  • Processing Methods: Data is processed on user demand, which can be scheduled.

  • Third-Party Access: No third-party vendors have access to the collected data.

5. Security Measures

5.1 Encryption

  • In Transit: Data is encrypted using HTTPS with TLS1.2+ for user/Kubewise agent connections and mutual TLS for internal communications (TLS1.3).

  • At Rest: Data is encrypted both in transit and at rest.

  • Principle of least privilege: Our infrastructure follow the least privilege rule where each internal service only have the minimum access they need to function properly.

  • Password Storage: User passwords are stored encrypted using a strong hashing algorithm. When authenticated with Google Single Sign-On (SSO), no password is stored.

5.2 Access Control

  • Role-Based Access Control (RBAC): Administrators can select the role of each user, restricting their access within Kubewise. Please refer to the documentation for more information.

5.3 Security Audits

  • Internal Audits: Kubewise uses its own solution to audit its infrastructure security.

  • External Audits: We are planning on conducting regular external security audits.

6. Compliance

  • GDPR Compliance: Kubewise complies with GDPR regulations to ensure the protection of personal data.

7. User Management

7.1 Authentication

  • Single Sign-On: Users can connect using Single Sign-On (SSO) via Google.

  • Multi-Factor Authentication (MFA): MFA is currently not implemented but is planned for future enhancements.

7.2 Authorization

  • Role-Based Access Control (RBAC): Administrators can select the role of each user to control access to data and features.

8. User Data Requests

8.1 Data Access

  • Access Methods: Data is accessible directly via the platform.

8.2 Data Deletion

  • User data: User data will be automatically deleted when the user account is deleted.

  • Cluster data: Collected data from cluster is automatically deleted when the cluster is deleted.

  • Reports: Generated reports can be deleted by any user with appropriate role. They are also automatically deleted after one year.

9. Third-Party Integrations

9.1 Stripe Integration

  • Payment Processing: Kubewise integrates with Stripe for payment processing using their provided SDK.

  • Data Sharing: Only the minimum necessary information is sent to Stripe to process payments. On the other side, neither Kubewise infrastructure, nor Kubewise employees can have access to credit card information, beside its expiration date and its last 4 digits ; since is a PCI restriction from Stripe that will never change.

  • Security: Stripe is regularly audited for security (PCI certified). More information on their website.

10. Communication

10.1 Policy updates

  • Website Updates: Security policy updates will be posted on the Kubewise website.

  • Email Notifications: Users subscribed to email updates will be notified of significant changes to the security policy.

11. Future Plans

  • Security Audits: Kubewise plans to conduct an external security audit.

  • Enhancements: Continuous improvement of security measures and features.

12. Contact Information

If you have any questions or concerns about this Security Policy, please contact us:
Email: hello@kubewise.io
Address: Nephely SAS, 5 rue des suisses, 75014 Paris, France