Have questions about security? Be sure to check out Kumu's official security policy. If you're looking for more specific information, see our security FAQ below, and if you don't see what you're looking for, feel free to contact support.
Passwords are stored securely using the bcrypt hashing algorithm.
Does Kumu automatically log off, lock or terminate a session after a predetermined time of inactivity?
We do not terminate sessions automatically based on inactivity.
All requests are logged by IP and logs are kept for two weeks.
Project data is not included in the logs.
Login attempts are logged but not closely monitored. Users are encouraged to use 2FA to further secure their accounts.
The audit trails we maintain internally only cover major events (such as account creation/deletion and project updates). These logs are retained indefinitely.