Security

    Software

    User Authentication

    Your keys are stored inside a bin controlled by the permissions you set up. Staff or guests authenticate themselves when accessing keys.

    Two Factor Authentication

    You have the option to activate two factor authentication for login and key pickups on your account.

    Security Monitoring (SIEM)

    We're alerted if anyone makes attempts to access our data centres, and we can react in real time.

    TLS In Transit; AES-256 at Rest

    A private communication channel between your computer and Keycafe ensures that when you are managing your account, your information is safely transmitted.

    PII Optional

    Providing personally identifiable information to Keycafe is optional. In our application or API, you can configure your account with de-identified utilizing corporate badges for access.

    PCI

    We use best-in-class PCI compliant payment processor Stripe for encrypting and processing credit card payments.

    Denial of Service

    Your access to the Keycafe service is protected against Denial of Service (DDOS) attacks by a best-in-class CDN provider, Cloudflare.

    Managed Firewalls

    Your data is secure behind state of the art firewalls.

    99.9% Uptime SLA

    We commit to 99.9% monthly uptime for the Keycafe Service. Credits and exclusions are defined in our SLA, and real-time availability and incident history are on our status page.

    SOC 2 Type II and SOC 3

    Keycafe is independently SOC 2 Type II and SOC 3 attested. These certifications verify that our security controls and processes meet the highest industry standards for protecting customer data. Visit our Trust Center for details.

    SmartBox

    Advanced IoT Security

    All communication between the SmartBox and our servers is encrypted and secure. No incoming ports are left open, each device is given a unique encryption key and can be remotely disabled.

    Encrypted Radio Connections

    BLE communication with the SmartBox is encrypted in transit. WiFi connections are secured using WPA2, the industry standard.

    Device Activity Alerts

    SmartBoxes are cloud connected and you have the option to be notified in real time via email, mobile notifications, or webhook when key exchanges or other events occur.

    OTA Updates

    Devices are capable of receiving over the air updates so they always have the latest firmware and security features of our platform.

    Sensitive Data Offsite

    No sensitive data is stored locally on the Keycafe SmartBox and the device is further protected by encryption protocols.

    Tamper Resistance

    The SmartBox storing your keys is constructed from a precision molded polycarbonate frame with 20-gauge steel inserts, A383 alloy diecast metal doors, and a 16-gauge steel plate wall mount. It provides a physical deterrent to opportunistic tampering and misuse that is acceptable for many use cases. Download our security architecture brief for more details.

    Authentication Options

    Choose how users identify themselves when accessing your keys. Enter a code, scan an ID badge, or use the Keycafe app, and set up additional 2FA.

    Video Surveillance

    Equipped with a built-in 5MP camera, the SmartBox can automatically record and store footage for every key pickup and drop off.

    Need additional security information? Our Security Architecture document provides more information on topics including server architecture, penetration testing, key software vendors, permission schemes for key access, privacy policy and data processing summary and SmartBox construction overview.

    Download Keycafe Security Architecture PDF