# Security

Have questions about security? Be sure to check out [Kumu's official security policy](https://kumu.io/security). If you're looking for more specific information, see our security FAQ below, and if you don't see what you're looking for, feel free to [contact support](mailto:support@kumu.io).

#### How are passwords securely stored within the system (e.g. encrypted using a salted hash)?

Passwords are stored securely using the bcrypt hashing algorithm.

#### Does Kumu automatically log off, lock or terminate a session after a predetermined time of inactivity?

We do not terminate sessions automatically based on inactivity.

#### What logs or audit trails are produced by Kumu?

All requests are logged by IP and logs are kept for two weeks.

#### Is the data embedded in the logs?

Project data is not included in the logs.

#### Are successful/unsuccessful accesses logged? With client network addresses?

Login attempts are logged but not closely monitored. Users are encouraged to use 2FA to further secure their accounts.

#### How long are the logs retained?

The audit trails we maintain internally only cover major events (such as account creation/deletion and project updates). These logs are retained indefinitely.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.kumu.io/overview/security.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.