Your data is yours. We keep it that way.

Institutional-grade data protection. Read-only access, no model training, revocable connections, SOC 2 Type II controls, and end-to-end encryption.

Enterprise-grade security.

Read-only access

No model training

Revocable connections

SOC 2 Type II

End-to-end encryption

Tenant isolation

Data encrypted at rest with AES-256 and in transit with TLS 1.2+. SOC 2 Type II in progress.

Four commitments that govern every design decision we make about your data.

How we think about your data.

Read-only by design

Kimpton can only view your holdings and historical transactions. No trading, no transfers, no changes — ever. Portfolio connections use read-only integrations so there is complete separation from your assets.

No model training

Your portfolio data, research queries, and analysis results are never used to train AI models. We use commercial AI models with strict data processing agreements that prohibit training on customer data.

Tenant isolation

Your data is walled off from every other customer. Analysis runs in a private sandbox, and Kimpton employees do not have default access to customer portfolios — any access requires specific, individual authorization.

Your data, your control

Disconnect a portfolio connection at any time and the associated holdings and transactions are immediately deleted. Need a full account deletion? Email security@kimpton.ai.

Infrastructure & compliance.

Authentication

Enterprise-grade sign-on via Auth0. Multi-factor authentication. Session management with automatic expiration.

Encryption

AES-256 encryption at rest. TLS 1.2+ in transit. All sensitive data encrypted with per-tenant keys.

Tenant isolation

Your data is walled off from every other customer. Analysis runs in a private sandbox and is never co-mingled across customers.

Hosting & residency

Data stored and processed in US-based infrastructure, hosted on SOC 2 Type II compliant providers.

SOC 2 Type II

In progress. Live compliance status published at trust.kimpton.ai; full controls matrix available on request for enterprise customers.

Live compliance, live controls.

Our trust center publishes real-time status of our security controls, policies, and SOC 2 progress. It's the single source of truth for our compliance posture — available to review any time.


Common questions.

Can Kimpton trade on my behalf or transfer funds?

No. Kimpton uses read-only integration. We have zero ability to execute trades, initiate transfers, or modify your accounts in any way.

Is my data used to train AI models?

Never. We use commercial AI models with strict data processing agreements that prohibit training on customer data.

What happens if I disconnect my portfolio?

When you remove a Plaid connection, the associated holdings and transaction data are immediately deleted from our systems. Contact security@kimpton.ai if you need a full account deletion.

What is your SOC 2 status?

SOC 2 Type II is in progress. We are actively completing controls and gathering evidence with our compliance platform; live status is available at trust.kimpton.ai. Contact security@kimpton.ai for the current controls matrix.

The job's not finished.

Security is an ongoing practice, not a finished project. We're confident in the controls we have today — read-only access, no model training, tenant isolation, and encryption everywhere — but the landscape of threats keeps moving, and so do we.

SOC 2 Type II is in progress — controls and evidence are being completed now, and live status is published at trust.kimpton.ai. Fine-grained access controls, audit trails, and SAML SSO are on the enterprise roadmap — table stakes, not bonus features.

If you find something we should fix, tell us at security@kimpton.ai. For general questions, see support; for data handling, see our privacy policy. We'd rather hear it from you than miss it.