Built on
Google Cloud Infrastructure
KyberGate runs on Google Cloud with enterprise-grade security controls. Your student data is encrypted, isolated, and protected by the same infrastructure that secures Google Workspace for Education.
Encryption
TLS 1.2+ in transit, AES-256 at rest. All data encrypted end-to-end.
Access Control
Role-based access, MFA support, org-scoped data isolation.
Audit Trail
Every action logged. Full audit history for compliance reviews.
Infrastructure
Google Cloud Platform
Firebase (Firestore, Cloud Functions, Hosting, Storage, Auth) running in US data centers. SOC 2 Type II, ISO 27001, FedRAMP certified infrastructure.
Proxy Infrastructure
Dedicated cloud proxy servers with TLS termination, no shared tenancy. Traffic is inspected in memory and never written to disk in decrypted form.
Data Isolation
Each school organization's data is logically isolated with strict security rules enforcing org-scoped access. No cross-org data leakage is possible.
Network Security
All endpoints protected by TLS 1.2+. Proxy servers use Let's Encrypt certificates with automatic renewal. API endpoints require authentication.
Security Practices
Encryption in transit (TLS 1.2+)
Encryption at rest (AES-256)
Role-based access control (RBAC)
Multi-factor authentication support
Organization-scoped data isolation
Comprehensive audit logging
Automated vulnerability scanning
Dependency monitoring & patching
Incident response plan documented
90-day data retention by default
Secure development lifecycle (SDLC)
Minimal data collection principle
Employee access on need-to-know basis
Regular access reviews
Backup and disaster recovery
Secure API authentication (tokens)
HTTPS Inspection Security
KyberGate's proxy performs HTTPS inspection (SSL/TLS interception) to filter encrypted web traffic. Here's how we keep this process secure:
Per-Org CA Certificates
Each organization gets a unique CA certificate installed via MDM, limiting the scope of trust.
In-Memory Inspection
Decrypted content is inspected in memory and never written to disk. Only URLs and metadata are logged.
Banking & Health Exemptions
Financial institutions and healthcare sites can be exempted from inspection to protect sensitive transactions.
Bypass Domain Support
Schools configure bypass lists for domains that should skip inspection entirely (Apple services, internal sites).
Responsible Disclosure
If you discover a security vulnerability in KyberGate, please report it to security@kybergate.com. We take all reports seriously and will respond within 24 hours. We do not pursue legal action against security researchers who act in good faith.
Questions About Security?
Our team is happy to walk through our security architecture with your IT team or provide documentation for procurement review.