Security

Our approach

Fashion brands trust Kampana with product references, brand DNA and unreleased designs. We treat that data as sensitive by default and build security in across infrastructure, access, AI and operations.

Infrastructure

• Hosted on hardened cloud infrastructure with isolated environments per workload.
• Data encrypted in transit (TLS 1.2+) and at rest.
• Regular backups with tested restore procedures.

Access control

• Least-privilege access for our team, reviewed on a recurring cadence.
• SSO and 2FA on all internal admin systems.
• Audit logging on production access.

AI usage

• We do not train foundation models on your private brand data without explicit consent.
• We use enterprise-grade AI providers with zero-retention configurations where available.
• Prompt and output logs are minimized and access-controlled.

Application security

• Modern framework defaults (CSRF protection, output escaping, parameterized queries).
• Dependency scanning and timely patching.
• Secrets stored in a managed secret manager, never in code.

Data handling

• You can export or delete your data on request.
• Brand assets are isolated per workspace.
• Subprocessors are reviewed and listed on request.

Incident response

We maintain a documented incident response process. Confirmed incidents that affect customer data are communicated to impacted customers without undue delay.

Responsible disclosure

Found something? Email security@kampana.io. Please give us a reasonable window to investigate and fix before public disclosure.

Compliance roadmap

We're aligning our controls toward SOC 2 and GDPR readiness. Contact security@kampana.io for our latest status and a security questionnaire.