Have questions about security? Be sure to check out Kumu's official security policy. If you're looking for more specific information, see our security FAQ below, and if you don't see what you're looking for, feel free to contact support.

How are passwords securely stored within the system (e.g. encrypted using a salted hash)?

Passwords are stored securely using the bcrypt hashing algorithm.

Does Kumu automatically log off, lock or terminate a session after a predetermined time of inactivity?

We do not terminate sessions automatically based on inactivity.

What logs or audit trails are produced by Kumu?

All requests are logged by IP and logs are kept for two weeks.

Is the data embedded in the logs?

Project data is not included in the logs.

Are successful/unsuccessful accesses logged? With client network addresses?

Login attempts are logged but not closely monitored. Users are encouraged to use 2FA to further secure their accounts.

How long are the logs retained?

The audit trails we maintain internally only cover major events (such as account creation/deletion and project updates). These logs are retained indefinitely.