Updated: November 2025
Security
Keeping your data safe is important to us.
Infrastructure security
Our platform is hosted on Vercel and Supabase, industry-leading platforms trusted by thousands of companies worldwide.
Vercel provides enterprise-grade edge infrastructure with automatic DDoS protection, and is SOC 2 Type II compliant. For more details, visit Vercel Security.
Supabase hosts our database infrastructure with built-in security features including row-level security, encrypted backups, and network isolation. Supabase is SOC 2 Type II compliant. For more details, visit Supabase Security.
Encrypted transmission
All user data is encrypted both in transit and at rest. Encrypting your data provides an additional layer of protection against events such as unauthorized modification and man-in-the-middle attacks.
We use 256-bit SSL/TLS 1.2 encryption for data in transit, and industry-standard AES-256 algorithms for data at rest.
Platform architecture
Our platform is designed following modern architecture principles, meaning our services and their underlying backend components are decoupled from each other. This enables us to automatically scale infrastructure based on demand, with minimal impact to business operations.
Infrastructure resources are created directly from code instructions, commonly referred to as "Infrastructure as Code" (IaC). Backend infrastructure is frequently replaced as part of our continuous deployment pipeline to ensure consistent and version-controlled environments.
Platform reliability
Our platform is designed to be highly available and fault tolerant. We monitor continuously and automatically trigger prioritized alerts directly to the responsible teams who react accordingly.
Sometimes unexpected issues do happen. When our monitoring detects an issue that may impact your experience with our service, we take ownership and keep you updated in real time.
Your privacy rights
Koji is dedicated to ensuring that all customer and participant personal data is treated in accordance with the General Data Protection Regulation ("GDPR") and other applicable privacy laws.
We do not use your data to train AI models. Interview responses and research content are processed solely to provide you with insights and analysis. For more details, please see our Privacy Policy.
Payment security
Koji does not directly store any credit card or payment information. We have partnered with Stripe to securely handle sensitive payment processing data.
Stripe is a PCI Service Provider Level 1 certified payment processor—the most stringent level of certification available. Please see Stripe's security documentation for more information about their security commitment and PCI compliance.
AI model security
Our AI-powered interviews use leading language models with enterprise-grade security. Your research data is processed in isolated environments and is never used to train or improve underlying AI models.
We maintain strict data handling agreements with our AI providers to ensure your information remains confidential and is handled in accordance with our privacy commitments.
Questions
If you have any security questions or if you believe you have found a security vulnerability, please don't hesitate to contact us. Select "Privacy & Legal" as the reason for your inquiry.