Security

Built like the brand pages it ships.

Calm engineering, careful defaults, and zero shortcuts on the things that protect creator data.

Encrypted in transit and at rest

TLS 1.3 for every request. Database, storage and backups encrypted with AES-256.

Server-side entitlement checks

Every billing or feature gate runs on the server. The client is never trusted.

Row-Level Security on every table

Postgres RLS is enabled on day one — even during development. No exceptions.

Token-scoped private shares

Private creator pages issue short-lived tokens with passphrase gates.

Country-level access controls

Creators can restrict their pages to specific countries with edge-evaluated rules.

Quarterly third-party audit

We schedule independent reviews of our auth, billing, and storage flows every quarter.

Audit log for every sensitive action

Sign-ins, password changes, page visibility changes, and admin actions are recorded in an append-only log.

Verified outbound email

DKIM, SPF and DMARC aligned. Bounce and complaint handling on every send.

Compliance posture

Practical, transparent, and honest about where we are on the journey.

GDPR

Compliant. Data subject requests handled within 30 days.

CCPA

Compliant. Sale opt-out is irrelevant — we never sell user data.

SOC 2 Type II

In progress. Targeting completion before public launch.

Found a security issue? Email security@kitpager.pro — we respond within 24 hours and credit responsible disclosure in our changelog.
