Security First

Your titles are protected by enterprise-grade security

KYTConnect was built from the ground up to handle sensitive government vehicle records. Security isn't a feature we added — it's the foundation everything else is built on.

AES-256 Encrypted
SOC 2 Certified
TLS 1.3
99.99% Uptime

How we protect your data

Six layers of security that work together to keep your title records safe.

Encryption at Rest

All title records, personal data, and documents are encrypted using AES-256-GCM before storage. Encryption keys are managed through a dedicated KMS with automatic rotation every 90 days.

AES-256-GCM encryptionAWS KMS key management90-day automatic key rotationEnvelope encryption for large objects

Encryption in Transit

All data transmitted between clients and KYTConnect is protected with TLS 1.3. We enforce HTTPS everywhere with HSTS preloading and certificate transparency logging.

TLS 1.3 with forward secrecyHSTS preload listCertificate transparencyPinned TLS certificates for API

Identity Verification

Users verify their identity through state-issued driver's license validation connected to motor vehicle databases. Multi-factor authentication adds an additional layer of account protection.

State DL verification via motor vehicle APIsTOTP-based multi-factor authBiometric login support (Face ID, Touch ID)Session timeout and device management

Audit Logging

Every action on every title record is logged with immutable, timestamped entries. Audit logs capture who accessed what, when, and from where — providing a complete chain of custody.

Immutable append-only audit logIP address and device fingerprintingTamper-evident log integrity checksExportable audit trails for compliance

Infrastructure Security

KYTConnect runs on isolated cloud infrastructure with network segmentation, intrusion detection, and automated vulnerability scanning. No shared tenancy — every customer's data is logically isolated.

SOC 2 Type II certified hostingNetwork segmentation and VPC isolationContinuous vulnerability scanningWAF and DDoS protection at the edge

Disaster Recovery

Title data is replicated across multiple availability zones with point-in-time recovery. Regular backup testing ensures we can restore operations within our RTO and RPO targets.

Multi-AZ data replicationPoint-in-time recovery (last 35 days)RTO < 4 hours, RPO < 1 hourAnnual disaster recovery testing

Compliance & Certifications

We pursue the certifications that matter for government and financial data.

SOC 2 Type II

Annual audit of security, availability, and confidentiality controls

Certified

FISMA

Federal information security management compliance for government data

In Progress

CJIS

Criminal Justice Information Services security policy compliance

In Progress

PCI DSS

Payment Card Industry data security standard for transaction processing

Certified

Data Handling Practices

How we collect, store, and protect your information.

Data Minimization

We only collect and store the minimum data necessary to provide title management services. We never sell personal data to third parties.

Data Residency

All title data is stored in US-based data centers. We do not transfer personal data outside the United States.

Data Retention

Active title records are retained as long as your account is active. Upon account deletion, personal data is purged within 30 days.

Access Control

Role-based access control limits internal access to title data. All employee access is logged and reviewed quarterly.

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a potential security issue in KYTConnect, we encourage you to report it through our responsible disclosure program. We commit to acknowledging reports within 24 hours and providing a fix timeline within 72 hours.

security@kytconnect.ky.govPGP key available on request
Acknowledgment< 24 hours
Triage & assessment< 48 hours
Fix timeline< 72 hours

Questions about our security?

Our security team is available to discuss compliance requirements, architecture details, and custom enterprise configurations.