Security
Software
User Authentication
Your keys are stored inside a bin controlled by the permissions you set up. Staff or guests authenticate themselves when accessing keys.
Two Factor Authentication
You have the option to activate two factor authentication for login and key pickups on your account.
Security Monitoring (SIEM)
We're alerted if anyone makes attempts to access our data centres, and we can react in real time.
TLS In Transit; AES-256 at Rest
A private communication channel between your computer and Keycafe ensures that when you are managing your account, your information is safely transmitted.
PII Optional
Providing personally identifiable information to Keycafe is optional. In our application or API, you can configure your account with de-identified utilizing corporate badges for access.
PCI
We use best-in-class PCI compliant payment processor Stripe for encrypting and processing credit card payments.
Denial of Service
Your access to the Keycafe service is protected against Denial of Service (DDOS) attacks by a best-in-class CDN provider, Cloudflare.
Managed Firewalls
Your data is secure behind state of the art firewalls.
99.9% Uptime SLA
We commit to 99.9% monthly uptime for the Keycafe Service. Credits and exclusions are defined in our SLA, and real-time availability and incident history are on our status page.
SOC 2 Type II
Keycafe is in the process of becoming independently SOC 2 Type II-attested, covering security controls across our production environment and supporting processes. Visit our Trust Center for details.
SmartBox
Advanced IoT Security
All communication between the SmartBox and our servers is encrypted and secure. No incoming ports are left open, each device is given a unique encryption key and servers are continuously monitored for possible threats.
Encrypted Radio Connections
BLE communication with the SmartBox is encrypted in transit. WiFi connections are secured using WPA2, the industry standard.
Device Activity Alerts
SmartBoxes are cloud connected and you have the option to be notified in real time via email, mobile notifications, or webhook when key exchanges or other events occur.
OTA Updates
Devices are capable of receiving over the air updates so they always have the latest firmware and security features of our platform.
Sensitive Data Offsite
No sensitive data is stored locally on the Keycafe SmartBox and the device is further protected by encryption protocols.
Tamper Resistance
The SmartBox storing your keys is constructed from a precision molded polycarbonate frame with 20-gauge steel inserts, A383 alloy diecast metal doors, and a 16-gauge steel plate wall mount. It provides a physical deterrent to opportunistic tampering and misuse that is acceptable for many use cases. Download our security architecture brief for more details.
Authentication Options
Choose how users identify themselves when accessing your keys. Enter a code, scan an ID badge, or use the Keycafe app, and set up additional 2FA.
Video Surveillance
Equipped with a built-in 5MP camera, the SmartBox can automatically record and store footage for every key pickup and drop off.
Need additional security information? Our Security Architecture document provides more information on topics including server architecture, penetration testing, key software vendors, permission schemes for key access, privacy policy and data processing summary and SmartBox construction overview.
