KINETRY

Security & data protection

What Kinetry does to protect workplace assessment data — described concretely, because every mechanism on this page exists in the code that runs the product.

Signing in
No passwords, anywhere

Kinetry has no password field and stores no passwords. You sign in with a link emailed to you. There is no password to phish, reuse, or leak.

Sign-in links are single-use and short-lived

Each link is a 32-byte random token that expires in 15 minutes and works exactly once — stored only as a cryptographic hash, and claimed atomically, so two uses of the same link can never both produce a session. Link requests are rate-limited per account, and the response never reveals whether an email address has an account.

Sessions are signed and scoped

Session cookies are HMAC-SHA256-signed, HTTP-only, and secure in production, with a 7-day maximum lifetime. Tokens carry a purpose (session, read-only view, signup) and each is rejected outside its purpose — a read-only token can never be replayed as a full session.

Your workspace is walled off
Isolation fails closed

Every data read is scoped to the workspaces your account may see. A normal account sees exactly one workspace: its own. A consultant sees a client workspace only through an explicit per-client grant — there is no ambient cross-workspace access, and an unconfigured account resolves to zero workspaces, not all of them.

Your data is never shown to unrelated customers

No score, name, or note from your workspace appears in any unrelated customer's workspace, and your data is never pooled into cross-customer comparisons in identifiable form — the Terms (§6) permit only de-identified aggregates that can't identify your company or people. The one cross-workspace view that exists is a consultant's own portfolio: exactly the client workspaces that consultant was explicitly granted, which is the engagement itself.

The public demo can't touch anything

Demo sessions are read-only, enforced on the server: the read-only flag comes from the database identity of the demo workspace itself, so it can't be stripped by a client. Every mutating action refuses read-only sessions.

Support access is disclosed

Kinetry has platform-level administrative access to customer workspaces, used to operate, maintain, support, and improve the service and to deliver contracted advisory work — disclosed in the Terms (§8). Separately, when any admin — including us — browses a workspace as one of its people ("view as"), that session is read-only, expires after two hours, and every one is written to an append-only audit record.

Rater anonymity
Small numbers are never published

In 360 mode, any behavior with fewer than 3 raters shows as "insufficient data," never a number, and each perspective (peers, upward, project) has its own minimum before it counts at all. The full fairness machinery is public at How scores are protected. (Advisor mode is different by design: there, one named advisor does the assessing, and everyone knows who.)

Deletions can't unmask raters

When someone's data is erased, every assessment cycle they rated in that has published scores is frozen — permanently. Without the freeze, re-computing a cycle after a deletion would let someone diff old and new scores to reconstruct what the erased person said. Frozen cycles are never re-scored.

Raw 360 responses are exported to no one

Workspace data exports mirror what the product shows and never widen it: in 360 mode, individual raters' raw responses and notes are not included in any export — not even the workspace owner's. A person's raw self-assessment is included only when they export their own data themselves.

Your data rights
Full export, machine-readable

Workspace admins can export the workspace's data as JSON at any time, and any person's data can be exported individually. Exports follow the same visibility rules as the product.

Permanent erasure, on request

A person — or an entire workspace — can be permanently erased. Erasure runs as a single database transaction and writes a minimal, relation-free ledger entry (what was erased, when, on whose request) that survives the deletion it documents. Statistical aggregates covering 4 or more people are retained de-identified; anything smaller is deleted with the person. Retention and erasure are covered in the Privacy Policy.

Downgrading deletes nothing

Canceling or downgrading only changes what the plan displays — score history is retained in full and comes back if you re-upgrade. Deletion happens only when you ask for erasure.

Payments and infrastructure
Card data never touches Kinetry

All payment collection happens on Stripe-hosted checkout and billing pages. Kinetry's code contains no card fields — we never see, transmit, or store a card number. Billing events from Stripe are accepted only with a verified cryptographic signature.

Hosting and transport

Kinetry runs on Vercel with a Neon-hosted PostgreSQL database, and all traffic is encrypted in transit (TLS). Responses ship with hardened headers: content-type sniffing disabled, framing denied (no clickjacking), strict referrer policy, and camera/microphone/geolocation/payment browser APIs disabled.

Error tracking configured to exclude your data

Error reports (Sentry) are configured without session replay and without personal-data capture — screens in this product show workplace assessments, and recording them into an error tracker would be wrong, so we don't. Anything that incidentally lands in an error message ages out within 90 days; that residual window is disclosed in the Privacy Policy.

The scoring methodology stays on the server

The framework's scoring weights and formulas are trade secrets enforced in code: the modules that hold them cannot be bundled into browser JavaScript (the build fails), and exports strip them. What is public — the 24 behaviors and the fairness rules — is public on purpose.

What we don't offer yet

Kinetry does not yet offer single sign-on (SAML/OIDC) and does not yet hold compliance certifications such as SOC 2 — it's an early-stage product run by its founder. If one of these gates your purchase, email chris@kinetry.ai and you'll get a direct answer about what's planned and when.

Security questions or reports: chris@kinetry.ai. Related reading: How scores are protected · Privacy Policy · Terms of Service