Security at TendKin
Your family's care information is sensitive. Here's how we protect it.
Encryption in transit
All data is transmitted over TLS 1.2+. We use HTTPS everywhere and redirect any HTTP requests.
Encryption at rest
All data is encrypted at rest using AES-256. Private check-in data uses an additional encryption layer.
Access controls
Family member data is access-controlled. Your private check-ins can only be accessed by you. Employees cannot access private check-in content.
Breach notification
If we discover a security breach affecting your data, we will notify you within 72 hours via email, consistent with FTC Health Breach Notification Rule requirements.
Responsible disclosure
If you discover a security vulnerability in TendKin, please report it to security@tendkin.com. We review all reports and respond within 48 hours. We ask that you not publicly disclose vulnerabilities until we have had the opportunity to address them.
We do not operate a bug bounty program at this time, but we are grateful for responsible security research and will acknowledge your contribution.