Data protection and regulations
Kisi adheres to rigorous data protection compliances and regulations, ensuring the highest level of privacy and security for users' data across multiple jurisdictions.
Data protection regulations
GDPR (General Data Protection Regulation)
European data protection regulation ensuring privacy rights for individuals. Kisi is fully GDPR compliant, providing:
- Data subject rights: Right to access, rectify, and delete personal data
- Privacy by design: Built-in privacy protections from the ground up
- Data processing transparency: Clear documentation of how data is used
- Consent management: Granular consent controls for data processing
- Data breach notification: Prompt notification procedures for data incidents
- Data protection officer: Dedicated privacy compliance oversight
CCPA (California Consumer Privacy Act)
California data privacy law protecting consumer personal information. Kisi complies with CCPA requirements:
- Consumer rights: Right to know what personal information is collected
- Data deletion: Right to delete personal information
- Opt-out rights: Right to opt-out of the sale of personal information
- Non-discrimination: No discrimination for exercising privacy rights
- Transparent disclosures: Clear privacy policy and data collection practices
Government compliance
NDAA (National Defense Authorization Act)
Defense-related procurement regulations ensuring security for government installations:
- Component verification: All hardware components verified for compliance
- Supply chain security: Trusted manufacturing and assembly partners
- Documentation: Complete compliance documentation available
- Ongoing monitoring: Regular compliance assessments and updates
TAA (Trade Agreements Act)
Procurement rules for US government agencies ensuring products meet trade agreement requirements:
- Manufacturing compliance: Products manufactured in TAA-compliant countries
- Component sourcing: All components sourced from approved suppliers
- Certification: Full TAA compliance certification available
- Supply chain transparency: Complete visibility into manufacturing origins
Privacy principles
At Kisi, we are committed to privacy by design principles:
Our privacy pledge
Kisi will:
- Be clear with individuals when collecting personal information
- Incorporate privacy-by-design principles into product development
- Use industry-standard best practices to keep your data safe
- Provide transparency about how personal information is processed
Kisi will not:
- Sell personal information to third parties
- Use personal information for purposes other than originally intended without notice
- Access customer data except for service provision and enhancement
- Share customer data across different customer environments
For complete details about our data protection practices, see our Privacy Policy.
Data storage and encryption
What data is stored
Kisi stores user information, access permissions, door usage logs, device configurations, and optional profile images and surveillance footage.
Encryption methods
All data is encrypted using AES encryption at rest and TLS 1.2 in transit. Devices use mutual authentication and per-device encryption keys.
Data retention and disposal
Retention policies
- Access logs: Retained according to customer configuration and legal requirements
- User data: Retained while accounts are active
- Audit logs: Retained per compliance requirements
- Device data: Automatically synchronized to cloud with local retention policies
Secure disposal
- Data deletion capabilities available through the Kisi Dashboard
- Organization deletion removes all associated data
- Secure data wiping procedures for decommissioned hardware
- Compliance with GDPR "right to be forgotten" requirements
For specific retention periods by data type, see our device documentation at docs.kisi.io.