Security

Security, built in.

The sites we build are the sites we run. That means security isn’t a one-off audit. It’s the monitoring, patching, and scanning that keep going after launch.

How we work

We watch continuously

Uptime, errors, certificate and domain expiry, and latency are monitored around the clock through Kyln Ops. On a care plan, we usually see a problem before you do.

We keep dependencies current

Dependency updates are reviewed against policy and merged on green checks. Codebases and live sites are scanned regularly for known vulnerabilities, secrets, and misconfigurations.

We default to least access

Credentials are encrypted at rest, scoped tightly, and never exposed in our tooling by name or value. Our automated checks are read-only against your infrastructure.

Responsible disclosure

Found a vulnerability in a Kyln site? Please report it privately and give us the chance to fix it. We won’t pursue good-faith research that follows this guidance.

  • Email contact@kyln.digital with the subject “Security”.
  • Tell us what you found, where, and how to reproduce it.
  • Give us a reasonable window to fix it before sharing it publicly.
  • Don’t access, change, or delete data that isn’t yours, and don’t run anything that degrades a live service.

Prefer a form? Report an issue and mark it security.