Kizen Privacy & Security

Kizen Security & Services

Information Security

Count on Kizen to keep all your data safe. Ensure security and compliance at all times so your business can operate with ease and peace of mind.

Alleviate regulatory burdens and rest secure under Kizen’s vigilant watch with a platform built for the largest and most regulated businesses in the world. Easily manage complex data access rules and ensure compliance with ISO 27001, HIPAA, SOC2, and every regulation in between.

Compliance

Responsible Disclosure Policy

Data security is a top priority for Kizen, and Kizen believes that working with skilled security researchers can identify weaknesses in any technology.

If you believe you’ve found a security vulnerability in Kizen’s service, please notify us; we will work with you to resolve the issue promptly.

Disclosure Policy

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at [email protected]. We will acknowledge your email promptly.

  • Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party.
  • Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Kizen service.
  • Please only interact with accounts you own or for which you have explicit permission from the account holder.

Exclusions

While researching, we’d like you to refrain from:

  • Distributed Denial of Service (DDoS)
  • Spamming
  • Social engineering or phishing of Kizen employees or contractors
  • Any attacks against Kizen’s physical property or data centers

Thank you for helping to keep Kizen and our users safe!

Disciplinary Action

Employees who violate this policy may face disciplinary consequences in proportion to their violation. Kizen management will determine how serious an employee’s offense is and take the appropriate action.

Responsibility

It is the Kizen InfoSec team’s responsibility to see if this policy is enforced.

Confidentiality and Sensitive Information

Kizen will follow industry best practices and strict procedures to keep client data, passwords, processes, and other sensitive information secure throughout and after our work together. If desired, the Client may request Kizen delete all sensitive information from the Company’s servers upon termination.

Scope

Kizen will provide software and services as outlined in the provided proposal. If the Client requests training, support, or additional work that falls outside of the scope of the proposal, Kizen will provide an additional proposal or may suggest an hourly-based structure to maximize flexibility.

Timelines & Communication

Our mission is to help your business grow as quickly as possible. We bring a sense of urgency to every project and do everything possible to deliver on time or early. Our projects typically require excellent collaboration between our team and yours. To ensure projects are delivered on time, please communicate information to our team as quickly as possible and ensure that the information we’re receiving is accurate. Kizen is not responsible for delays caused by the Client, and reserves the right to request additional compensation if inaccurate or delayed information requires additional work to be done.

Copyrights, Trademarks, & Intellectual Property

All data input and generated by the Kizen Platform is owned by the Client. Client guarantees that all elements of text, images, or other artwork provided to Kizen are either owned by the client or the client has written permission to use. When engaging Kizen Services, copyright and intellectual property rights for the work will automatically and permanently be transferred to the client once the final payment for a given project has cleared.

Project Minimum Terms, Cancellation or Suspension

There is no minimum term or cancellation penalty for the Kizen Platform. Client may cancel at any time. Certain Kizen Services have minimum engagement terms as they require significant up-front investments by our team. These items are clearly noted on project proposals. If services are canceled or suspended by Kizen for any reason, the client will receive a full refund. If services are canceled or suspended by the client for any reason, the full amount of services agreed upon will still be due.

Payments

Payment terms are clearly outlined on your proposal. All Kizen invoices are provided digitally. Kizen requests payment via direct deposit, bank wire, or credit card. Payments not received by the due date will result in work cessation. Monthly late charges of $50+10% of the late balance will be added to unpaid balances every 30 days.

Agreement, Invalidity, & Governing Law

This agreement constitutes the entire agreement between Kizen and the client. In the event any individual provision is deemed illegal or unenforceable it shall not affect the validity or enforceability of the remaining provisions. This agreement shall be construed in accordance with the laws of the state of Texas.

Additional Provisions

The terms and conditions of this agreement may be modified or amended as necessary if agreed upon in writing by both parties.

Information Security within Kizen

Date: July 20, 2023

As a modern, forward-looking business, Kizen recognizes at senior levels the need to ensure that its business operates smoothly and without interruption for the benefit of its customers, shareholders, and other stakeholders.

In order to provide such a level of continuous operation, Kizen has implemented an Information Security Management System (ISMS) in line with the International Standard for Information Security, ISO/IEC 27001.

The operation of this ISMS has many benefits for the business, including:

  • Protection of revenue streams and company profitability
  • Ensuring the supply of goods and services to customers
  • Maintenance and enhancement of shareholder value
  • Compliance with legal and regulatory requirements

An Information Security Policy is available in both paper and electronic form and will be communicated within the organization and to all relevant stakeholders and interested third parties.

Commitment to the delivery of information security extends to senior levels of the organization and will be demonstrated through the information security policy and the provision of appropriate resources to establish and develop the ISMS.

Top management will also ensure that a systematic review of performance of the program is conducted on a regular basis to ensure that information security objectives are being met and relevant issues are identified through the audit program and management processes.

A risk management approach and process will be used which is in line with the requirements and recommendations of ISO/IEC 27001. Risk management will take place at several levels within the ISMS, including:

  • Assessment of risks to the achievement of our information security objectives
  • Regular information security risk assessments within specific operational areas
  • Assessment of risk as part of the business change management process
  • At the project level as part of the management of significant change

We would encourage all employees and other stakeholders in our business to ensure that they play their part in delivering our information security objectives.

Yours sincerely,

John Winner, CEO
Scott Turner, CTO

HIPAA Anti-Retaliation Policy

Title II of the Federal Health Insurance Portability and Accountability Act (42 USC 1320d to 1329d-8, and Section 264 of Public Law 104-191), and its accompanying Privacy Regulations, 45 CFR Parts 160 and 164, require that “covered entities,” as defined by the HIPAA Privacy Regulations, refrain from any retaliatory acts targeted toward those who file complaints or otherwise report HIPAA violations or infractions. The purpose of this policy is to clearly state the position of Kizen on intimidation and retaliation. This policy applies to all workforce, volunteers, and management of Kizen.

Under no circumstances shall Kizen intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual for:

  1. The exercise of rights guaranteed under HIPAA, including the filing of a HIPAA complaint against Kizen;
  2. The filing of a HIPAA complaint with the Secretary of HHS;
  3. Testifying, assisting, or participating in a HIPAA investigation, compliance, review, proceeding, or hearing; or
  4. Opposing any act or practice that is counter to the HIPAA regulations, provided the individual or person has a good faith belief that the practice opposed is unlawful, and the manner of the opposition is reasonable and does not involve a disclosure of PHI in violation of HIPAA.

No retaliatory action against an individual or group involved in filing HIPAA complaints or otherwise reporting infractions will be tolerated. Under no circumstances shall Kizen require any member(s) of its workforce, volunteers, or management to waive their rights under HIPAA. All allegations of HIPAA retaliation against individuals will be reviewed and investigated by Kizen in a timely manner.