Security
The sites we build are the sites we run. That means security isn’t a one-off audit. It’s the monitoring, patching, and scanning that keep going after launch.
How we work
Uptime, errors, certificate and domain expiry, and latency are monitored around the clock through Kyln Ops. On a care plan, we usually see a problem before you do.
Dependency updates are reviewed against policy and merged on green checks. Codebases and live sites are scanned regularly for known vulnerabilities, secrets, and misconfigurations.
Credentials are encrypted at rest, scoped tightly, and never exposed in our tooling by name or value. Our automated checks are read-only against your infrastructure.
Responsible disclosure
Found a vulnerability in a Kyln site? Please report it privately and give us the chance to fix it. We won’t pursue good-faith research that follows this guidance.
Prefer a form? Report an issue and mark it security.