Security

Enterprise-grade security, by default.

At Kaboom, we implement enterprise-grade security controls across our infrastructure, operations, and products to protect customer data and systems.

Get a demo Visit our Trust Center

Controls

How we keep your data safe.

SOC-2 Certified

Kaboom is compliant with AICPA SOC requirements.

Access & Data Security

We enforce unique system authentication and restricted database access, with AES-256 encryption protecting your data during storage and transmission. Our encryption key management follows strict business requirements to ensure maximum security.

Platform Security

Our systems undergo regular security patches and updates with continuous monitoring to protect against emerging vulnerabilities.

Data Independence

We maintain strict data isolation, ensuring customer data is never used for training or fine-tuning foundation models or shared with other customers.

Infrastructure Monitoring

Your data is protected by secure cloud infrastructure with private networks, regular backups, and continuous security monitoring.

Integration Security

Our integrations with Google, Microsoft, Zoom, and other platforms are officially verified and security-approved by each provider.

FAQ

Frequently asked questions.

How do you keep our data secure?

Kaboom is SOC 2 Type 2 compliant, meaning we adhere to the highest industry standards for data security, availability, processing integrity, confidentiality, and privacy. Our security measures include:

Access Controls: Strict role-based access controls (RBAC) and least privilege access ensure only authorized personnel can access sensitive data.
Encryption: Data is encrypted both at rest (AES-256) and in transit (TLS 1.2+).
Audit Logging & Monitoring: We maintain comprehensive audit logs to track all system access and activities, with real-time monitoring for suspicious behavior.
Data Retention & Deletion Policies: We enforce a Zero-Day Retention (ZDR) policy whenever possible and ensure customer data is securely deleted when no longer needed.
Incident Response Plan: A structured incident response process is in place to detect, investigate, and mitigate security incidents swiftly.
Third-Party Risk Management: Vendors and partners undergo security assessments to ensure compliance with our security and privacy policies.
Regular Security Audits & Penetration Testing: We conduct independent SOC 2 audits and perform periodic penetration testing to identify and remediate vulnerabilities.
Physical & Infrastructure Security | Kaboom leverages secure, enterprise-grade cloud infrastructure with redundancy, disaster recovery, and physical security controls.
Employee Security Training: All employees undergo regular security awareness training, including phishing prevention, data handling, and compliance protocols.

By implementing these SOC 2-aligned security practices, we ensure your data remains secure, private, and protected at all times.

What control do we have over our data?

You maintain full ownership and control of your data. You decide who has access to what information, and we provide tools to manage these permissions. If you choose to leave our platform, we'll ensure it's removed from our systems.

Where does Kaboom AI store our information?

We use enterprise-grade cloud infrastructure to store your data securely. For companies with specific data location requirements, we offer options to deploy within your preferred infrastructure as part of our enterprise plan.

How do you handle security incidents?

We follow documented incident response procedures with regular testing, maintaining comprehensive tracking and communication protocols for resolution and improvement.

Will our data be used by third-parties to train their models?

Kaboom is designed to be agnostic to the underlying large language models (LLMs). We provide third-party LLM options that are not trained on customer Content Data. To ensure data security, we implement enterprise-grade security measures and, whenever feasible, enforce a Zero-Day Retention (ZDR) policy with our third-party providers. Under no circumstances is customer data used to train third-party LLMs.

Does Kaboom store every single record from integrations?

Kaboom only stores records that the user has explicitly specified based on account name and account-level data, email domains, or specific email addresses. Any data that falls outside of these predefined whitelisted rules and patterns is neither processed nor stored in Kaboom.

Will Kaboom index our data?

For indexing purposes, data added through integrations or uploads to Kaboom may be processed and stored in a vectorized format within our vector database. This format does not retain raw text and is not human-readable. Kaboom does not index customer data in plaintext, ensuring enhanced security and privacy.

Will employees at Kaboom be able to see our data?

Kaboom employees do not have default access to your workspace. They can only access it if you explicitly grant them access by extending an invitation. Even when invited, Kaboom employees cannot view any files without specific permission based on the invited roles.

Kaboom developers have access to underlying databases; however, access is strictly controlled through “least privilege” principles and monitored via audit trails to prevent unauthorized access to your data.

Get started

Schedule your personalized demo now to see AI in action.

Get a demo Visit our Trust Center