Ninja Kiwi is committed to maintaining trust with our end-users (you!). To that end, we strive to do keep the data of our millions of users safe.
Data Security: All passwords for end-users are stored using a modern one-way-hash function. Where possible our databases are encrypted at rest. PII stored in our analytics system is encrypted using AES encryption using a unique key per account.
Infrastructure Security: Our public infrastructure is protected by an industry-leading Web Application Firewall (WAF). Also, these public services are protected from Distributed Denial of Service (DDOS) and credential stuffing attacks. Our private infrastructure (databases, load balancers, etc) are protected by strict firewall rules and access controls. Ninja Kiwi's global presence means we have an infrastructure team available 24/7 to respond to any threat.
Access Security: We've put in place strict access controls to the data which limit the number of Ninja Kiwi employees who have access to sensitive data (this is generally limited to our support team and infrastructure team).
Data Hosting: All Service Data is stored in the United States of America.
You can view the full text of our policy documents using the links below.