Waking up database...
    Skip to main contentSkip to navigation
    Back to Home

    Data Security

    Last updated: January 13, 2026

    Our Commitment to Security

    At KinVisuals.com, we understand that your family's data is precious and personal. We employ multiple layers of security to ensure your information remains safe, private, and accessible only to you.

    Encryption

    Data in Transit

    All data transmitted between your device and our servers is encrypted using TLS 1.3 (Transport Layer Security), the same encryption standard used by banks and financial institutions. This ensures that your data cannot be intercepted or read by third parties during transmission.

    Data at Rest

    All data stored in our databases is encrypted at rest using AES-256 encryption, one of the strongest encryption standards available. This means that even if someone were to gain unauthorized access to our storage systems, they would not be able to read your data.

    Authentication & Access Control

    • Secure Authentication: We use Clerk for authentication, which provides industry-standard security including password hashing, multi-factor authentication support, and session management.
    • User Access Control: Your family data is only accessible to you and those you explicitly invite. Each user has their own secure account with unique credentials.
    • Role-Based Permissions: You control who can view, edit, or manage your family tree. Invited family members have limited access based on your preferences.

    Infrastructure Security

    Cloud Infrastructure

    We host our services on industry-leading cloud platforms (Vercel, Supabase/Neon) that provide:

    • 99.9% uptime SLA guarantees
    • Automated backups and disaster recovery
    • DDoS protection and mitigation
    • Regular security audits and compliance certifications
    • Geographic data redundancy

    Database Security

    Our databases are protected by:

    • Encrypted connections only
    • IP whitelisting and firewall rules
    • Regular security patches and updates
    • Automated backup systems
    • Access logging and monitoring

    Payment Security

    We use Stripe for payment processing, which means:

    • We never store your credit card information
    • All payments are processed securely through Stripe's PCI-DSS compliant systems
    • Your payment data is encrypted and tokenized
    • Stripe handles all compliance requirements (PCI-DSS Level 1)

    Security Monitoring & Incident Response

    We continuously monitor our systems for security threats and anomalies:

    • 24/7 security monitoring and alerting
    • Automated threat detection
    • Regular security audits and penetration testing
    • Incident response procedures
    • Regular security training for our team

    In the unlikely event of a security incident, we will:

    • Immediately investigate and contain the threat
    • Notify affected users within 72 hours
    • Work with security experts to resolve the issue
    • Provide transparent updates on the situation
    • Take steps to prevent future incidents

    Data Backup & Recovery

    Your data is automatically backed up:

    • Daily automated backups
    • Multiple backup copies stored in different geographic locations
    • Point-in-time recovery capabilities
    • Regular backup integrity testing
    • You can export your data at any time

    Compliance & Certifications

    We are committed to maintaining compliance with relevant data protection regulations:

    • GDPR: General Data Protection Regulation (EU)
    • CCPA: California Consumer Privacy Act
    • SOC 2: Our infrastructure providers maintain SOC 2 Type II compliance
    • ISO 27001: Our cloud providers are ISO 27001 certified

    Your Role in Security

    While we handle the technical security, you can help protect your account by:

    • Using a strong, unique password
    • Enabling multi-factor authentication when available
    • Not sharing your account credentials
    • Logging out when using shared devices
    • Keeping your browser and devices updated
    • Being cautious about who you invite to your family tree

    Reporting Security Issues

    If you discover a security vulnerability or have concerns about our security practices, please contact us immediately at security@ancestryvault.com. We take all security reports seriously and will respond promptly.

    Contact Us

    For questions about our security practices or to report a security concern:

    Security Team: security@ancestryvault.com

    General Support: support@ancestryvault.com