Kong Enterprise 3.3 delivers enhanced security, usability, and platform reliability. Learn more

Trust and Compliance 
at Kong

The world’s most trusted API gateway is just the start. All of Kong’s offerings are built from the ground up with enterprise-grade security, compliance, and privacy at their core. And Kong is dedicated to continually improving security processes and controls, protecting customer data, and upholding data usage transparency.

Product Offerings

Kong Konnect, the cloud native API lifecycle platform, helps you build better applications faster and more securely. Kong hosts the control plane, while the runtime engine — Kong’s lightweight, flexible API gateway — runs in your environment.

Kong Enterprise is a fast, feature-advanced, and secure API management solution built on Kong Gateway, the world’s most adopted API gateway. An API gateway is a reverse proxy that lets you manage, configure, and route requests to your APIs.

Kong Mesh is an enterprise service mesh that runs on both Kubernetes and virtual machines (VMs) on any cloud and multi-cluster. Built on top of CNCF’s Kuma and Envoy, Kong Mesh enables microservices transformation.

Kong Insomnia is a collaborative API client and design tool for quickly building and testing APIs. The open source product is offered for free or with a limited SaaS service for a monthly per-user fee. It’s also offered to enterprise customers.

Compliance and Security

Kong’s products offer enterprise-grade security and are designed to support enterprise customers’ security, compliance, and privacy needs. Kong undergoes independent verification of platform security and compliance controls. 

SOC 2

This regularly refreshed report focuses on non-financial reporting controls as they relate to security, availability, and confidentiality.

CSA - Star Level 1

Kong has completed a Consensus Assessment Initiative Questionnaire (CAIQ) self-assessment.

Penetration Testing

Kong engages a security company to perform security, vulnerability, and penetration testing for all products at least annually.

Business Continuity and Disaster Recovery

This policy sets out steps and responsible personnel to help ensure business continuity and recovery in the event of a disaster.

Please contact your Kong sales representative for more information regarding these security and compliance controls.

Explore Company Policies and Resources

Explore company policies and resources to see how Kong’s products and people meet customers’ high expectations. 

Kong Code of Conduct

The Kong Kode describes the regulations, laws, and policies Kong implements concerning the legal and ethical behavior required of employees.

Learn More

Vulnerability Disclosure Program Summary

Kong offers a Vulnerability Disclosure Program — also known as a bug bounty program — for reports of unique confirmed vulnerabilities.

Report a Vulnerability →

Kong Technical & Organizational Security Measures

See the features, processes, and controls applicable to Kong products, including configurable options available to the customer, that employ industry-standard information security best practices.

Learn More

Environmental, Social, and Governance Statement

Kong is committed to developing its ESG program to build a sustainable and efficient business. Kong is working to mitigate its environmental impact and build an equitable, socially responsible company.

Learn More

Kong has completed an ESG Evaluation and Benchmarking Exercise with EcoVadis, which will be repeated in 2023.

Data Privacy

Kong is committed to being transparent about the company’s handling of data. See below for an overview of the collection and use of personal and customer data in connection with Kong’s products and services.

GDPR

The General Data Protection Regulation regulates the use and protection of personal data protection in the European Economic Area (EEA), but it affects the way business is done globally. Compliance with GDPR is a top priority for Kong and its customers, and Kong can be a key enabler in customers’ compliance efforts.

CPRA

The California Privacy Rights Act creates consumer rights relating to the access to, deletion of, and sharing of personal information collected by businesses. Kong is committed to supporting customers with CPRA compliance and can be a key enabler in this journey.

Kong Privacy Policy

Kong’s Privacy Policy describes the policies and procedures regarding the collection, processing and disclosure of information about you, and what rights you have while we hold that information.

Kong Data Processing Activities Summary

Kong’s Data Processing Activities Summary sets out an overview of the collection and use of personal data and customer data in connection with Kong’s products and services.

Additional Resources

Discover other resources around Kong’s policies and processes in place to protect the company, 
its offerings, and its customers.

Kong’s product documentation includes best practices for deployment and hardening of its products.

Kong’s Support and Maintenance Policy, as well as the SLA for Kong Konnect.

Please contact your sales representative — or see the introduction to Kong’s offerings for Legal and Procurement teams.