Apply Now
At Kashable, consumer data protection is paramount. We protect employee data using bank-level security and strong encryption throughout our infrastructure stack. Sensitive data is stored with trusted banking partners or secure data hosting services. We do not share employee data with third parties for marketing.
Kashable is committed to maintaining the highest standards of security and compliance. We have achieved SOC 2 Type II certification and are PCI-DSS Level 3 certified, reflecting our dedication to protecting consumer data and ensuring the integrity and security of our platform. These certifications demonstrate Kashable's ongoing commitment to rigorous security practices and compliance with industry-leading standards.
Kashable's accreditations include
PCI-DSS Version 4.0
SOC 2 Type II
Encrypt Data in Transit: Enable HTTPS connections for all web traffic and TLS 1.2 encryption for all
socket
connections
Encrypt Sensitive Data at Rest: Database files are physically encrypted and PII data is persisted in
encrypted format
Authentication (multi-factor when available) for access to
all secured systems
Secure Software Development Practices
Secure virtual data rooms for exchanging employee eligibility and deduction data
Logged and audited access to sensitive data
Kashable prioritizes comprehensive cybersecurity measures to ensure the protection of our infrastructure and customer data
Role-based access to customer data
Pre-employment background checks
Company networks isolated behind firewall
Physical records and premises locked when unattended
Kashable’s policies ensure compliance with state and federal laws relating to lending, privacy, credit reporting, and record retention.
At Kashable, we are committed to maintaining the highest standards of security for our platforms and users. Recognizing the critical role that an engaged security research community plays in cybersecurity, we are excited to launch the Kashable Security Bounty Program. This program aims to reward security researchers for their efforts in discovering and reporting potential vulnerabilities in our systems, thereby helping us secure our services and protect our users.
Find Out More
This program is open to anyone aged 18 and over, except residents of countries under U.S. sanctions, or any individual who appears on the U.S. Treasury Department's Specially Designated Nationals List or the Consolidated Sanctions List or any other restricted party lists. To participate, researchers must:
Avoid testing that results in any form of service degradation, unauthorized data access, or data
destruction
Refrain from disclosing vulnerability details to the public, or any third party, until Kashable has
had
an opportunity to address the issue
Provide detailed reports, allowing our security team to efficiently reproduce and address the
findings
Comply with all applicable laws, including local laws of the country or region in which you reside or in which you download or use Kashable’s mobile app, software or services.
Rewards will be determined based on the impact, severity, and exploitability of the vulnerability, guided by the Common Vulnerability Scoring System (CVSS). Reward payments are granted solely at Kashable's discretion. Given our organization's size and resources, our reward tiers are as follows:
Kashable pledges not to pursue legal action against individuals who:
Participate in the program in good faith
Adhere to the program rules
Do not engage in illegal activities against Kashable or its users
The terms and conditions of this program are subject to change. Participants are encouraged to review the bounty program details regularly. Kashable exclusively reserves the right to modify reward tiers, program scope, or terminate the program.