Security Policy

Kiuwan uses some of the most advanced technology for Internet security available today. Secure Socket Layer (SSL) technology protects your information using encryption and authentication server both of your computer and data between the data center, ensuring that your data in transit is safe, secure and available only to registered users in your organization.

In addition to SSL encryption, your account / data are protected by a mandatory User ID and Password. Any password-protected areas of the Service can be accessed only with a valid password. Each password owner is responsible for keeping the password secret and confidential, and for notifying Kiuwan if the password may have been stolen or otherwise might be misused. For more information, please see our Terms of Use.


Our servers are securely located in a state-of-the-art facility that is managed by Amazon, a premier provider of managed hosting and advanced connectivity solutions. Kiuwan has chosen Amazon because of their reputation for quality service and support as well as their unparalleled reputation for reliably posting many of the internet’s most trafficked Web Systems.


Users can decide to delete their account anytime. When an account is deleted, all associated data is deleted as well from the application.

Deleting an account in the application does not mean to unsubscribe from periodical email marketing communications. Users can always unsubscribe from these communications directly clicking the appropriate link in the received emails.


Kiuwan implements the following application analyses persistence policy:

  1. An account that is active, at all times have access to its data.
  2. The resultant details of the Service will kept stored until 3 months after the subscription has ended.
  3. Analysis Data removed by user requests will be irretrievably deleted.
  4. For trial accounts, the last three analyses are stored, and the above policies still apply.


Kiuwan Service follows these procedures:

  1. When analysis is run in Kiuwan site, source code uploaded by the user will be deleted after the analysis has been completed.
  2. When analysis is run locally, source code will be kept local and will not be uploaded to Kiuwan site.

Exceptions to this behavior are the following:

  1. The lines in which Kiuwan had detected a violation will be kept as part of the analysis results with the purpose of documenting the user where such violation has occurred. This behavior can be overridden by executing the analysis locally and configuring property dump.code = false in configuration file.
  2. In case a support issue is found, Kiuwan will keep affected source code for debugging and product enhancement purposes until the resolution of the issue. In case of using Local Analyzer, lines of affected source code will be uploaded, and the user can override this behavior by configuring property dump.code = false in configuration file.


All perimeter doors require key card access and matching biometric palm or fingerprint scan. Visitors are only allowed escorted access to the data center and NOC on an as-needed basis. All internal doors leading to the data center also requires an additional card scan for access. Within the data center, all customer equipment is located in locked cabinets or cages.


Amazon Support maintains an account on all hosted systems and applications for the purposes of maintenance and support. In some cases, selected Kiuwan support engineers may also have access to hosted applications and data. Only employees with the highest clearance have access to application data and code. An authentication is done via individual passphrase-protected public keys, rather than passwords, and the servers only accept incoming SSH connections from Kiuwan and from the Kiuwan virtual network (VPC) hosted in Amazon. Application data is only accessible with appropriate credentials, ensuring that there is no possibility of one customer having access to another customer’s data and code without explicit knowledge of their login information.


In Addition to regular audits, including 3rd party application penetration testing, the Amazon facilities have undergone a successful SAS70 Type II audit. SAS70 certifies that a service organization has had an in-depth audit of its controls (including control objectives and control activities), which in case of Amazon relates to operational performance and security to safeguard customer data.


Batabase backups are performed daily for Kiuwan Service, and maintained for a minimum of seven days.


Kiuwan adheres to a strict policy for ensuring the privacy of your personally identifiable information (such as full name, address, e-mail address, and/or other identifiable information). We will never share your information with third parties outside Kiuwan unless you give express permission for us to do so, or unless we are required to do so under applicable law. For more information, please see our Privacy Policy Statement.