Security

Kollab runs on hardened cloud infrastructure with redundant availability zones, managed databases, and least-privilege IAM. Production access is restricted to a small group of engineers and gated behind SSO and MFA.

All traffic to and from Kollab is encrypted in transit using TLS 1.2+. Data is encrypted at rest using AES-256. Secrets are stored in a managed key vault and rotated regularly.

Accounts are protected with strong password requirements, optional multi-factor authentication, and session-binding controls. Suspicious sign-ins are flagged and may require re-verification.

Click and conversion traffic is scored in real time. We use IP reputation, device fingerprinting, behavioral signals, and post-conversion validation to detect and block fraudulent activity before payout.

Payout methods and tax forms are handled by PCI-compliant and SOC 2 audited payment partners. Kollab does not store full bank or card numbers on our own systems.

We maintain centralized logging, anomaly alerts, and an incident response runbook. Confirmed incidents affecting customer data will be communicated promptly and in accordance with applicable law.

If you believe you have found a security vulnerability, please email security@trykollab.com with a description and reproduction steps. Please do not publicly disclose the issue before we have had a reasonable opportunity to address it.