Data Security & Privacy at Krostio

When you connect your gig platforms to Krostio, you are trusting us with sensitive financial data: your earnings history, platform accounts, and income patterns. We take that responsibility seriously. Security is not a feature we add later — it is fundamental to how Krostio is built and operated.

This guide explains the specific measures we take to protect your data, how our third-party integrations handle your information, and what rights you have as a user.

Encryption at rest and in transit

All data stored in Krostio's systems is encrypted at rest using AES-256, the same encryption standard used by financial institutions and government agencies worldwide. Whether it is your earnings history, platform credentials, or personal profile information, it is encrypted before it ever touches disk.

Data in transit is protected by TLS 1.3, the latest version of the Transport Layer Security protocol. Every connection between your browser and Krostio's servers is encrypted. Every API call from our servers to your gig platforms (via Argyle) uses the same standard. There are no plaintext connections anywhere in our stack.

SOC-3 compliance

Krostio maintains SOC-3 compliance, which means our security controls have been examined by an independent auditor against the AICPA's Service Organization Control standards. SOC-3 reports are designed for public distribution and confirm that our systems are designed to protect customer data.

SOC-3 compliance is not a checkbox exercise. It requires ongoing monitoring, regular audits, and continuous improvement of our security posture. For lenders and property managers who receive Krostio reports, this certification provides independent assurance that the income data they are relying on comes from a secure, trustworthy source.

How Argyle integration works

Krostio partners with Argyle to connect to 300+ gig platforms. Argyle is a leading platform data aggregator that specializes in workforce and income data. When you connect a platform through Krostio, here is what happens:

1. You log in directly to the gig platform through Argyle's secure gateway. Krostio never sees your platform password.
2. Argyle uses platform-authorized APIs to pull your earnings data. This is read-only access — nobody can take actions on your account.
3. The earnings data is transmitted to Krostio over encrypted channels and stored using AES-256 encryption.
4. You can revoke access at any time from your Krostio settings. Revocation triggers Argyle to disconnect from the platform within 24 hours.

Data minimization and purpose limitation

Krostio follows the principle of data minimization: we only collect the data necessary to provide our services. When we pull earnings data from your platforms, we collect transaction amounts, dates, and platform metadata. We do not collect personal messages, location data beyond what is required for earnings context, or any information unrelated to income verification.

Your data is used for the specific purposes you authorize: generating income reports, calculating your Krost Alternative Credit Score, and providing the Krostio dashboard. We do not sell your data to third parties. We do not use it for advertising. We do not share it with lenders without your explicit consent.

FCRA guidance and consumer rights

While the Krost Alternative Credit Score is not a traditional credit report under the Fair Credit Reporting Act (FCRA), Krostio follows FCRA-aligned best practices for data accuracy, dispute handling, and transparency. If you believe any earnings data in your report is incorrect, you can request a correction through your account settings.

You have the right to:

• Access all data Krostio holds about you
• Request correction of inaccurate earnings data
• Delete your account and all associated data
• Revoke platform connections at any time
• Export your data in a portable format

Security best practices for users

While we handle security at the infrastructure level, there are steps you can take to keep your Krostio account secure:

• Use a strong, unique password for your Krostio account
• Enable two-factor authentication if available
• Review your connected platforms regularly and remove any you no longer use
• Only generate income reports when you need them — do not share your dashboard access broadly
• Keep your email account secure, since password reset requests go through email

Security is a continuous process, not a destination. Krostio regularly reviews and updates our security practices to stay ahead of emerging threats. If you ever have a security concern or find a potential vulnerability, please contact our security team directly at security@krostio.com.

For more detail, see our full Privacy Policy and Terms of Service.