Security at KickSplit.
KickSplit is built around sensitive compensation workflows, so security matters across account access, company data boundaries, product workflows, and operational practices.
Security Trust Map
Account access
authorized users · role-aware workflows
Company data
company context · tenant boundaries
Workflow protection
server-side checks · reviewable outputs
Operational care
monitoring · validation · security questions
Security is part of compensation trust.
Sensitive workflows deserve care
Commission plans, sales records, statements, payout questions, and payroll-ready exports can contain sensitive business and compensation context.
Access should follow context
Product workflows should respect company access, user role, and the reason someone needs to see compensation information.
Outputs should be reviewable
Security and trust improve when commission outputs are reviewed, explained, and handed off through clear workflows.
How KickSplit protects product workflows.
Authentication-aware access
Product access is designed around authenticated users and authorized company context.
Company-scoped workflows
Compensation data should stay tied to the company context it belongs to.
Server-side validation
Important workflow actions should be checked on the server instead of relying only on browser state.
Data boundary discipline
Sales, commission, statement, and payout-related views should avoid exposing data outside the intended context.
Careful change discipline
Product changes should be validated, tested, and documented so trust-critical workflows do not change silently.
Access boundaries matter when compensation data is involved.
Role-aware access
Admins, managers, reps, and operators should see the workflows appropriate to their responsibilities.
Company context
Product views and actions should be resolved against the user's company context, not arbitrary client input.
Least-necessary handling
Compensation data should be exposed only where it supports the product workflow or necessary operation.
Admin review
Owners and admins remain responsible for reviewing users, permissions, plans, and payout outputs.
Operational practices should protect reliability and trust.
Monitoring and diagnostics
Operational signals can help identify errors, reliability issues, and unusual behavior.
Validation before release
Public pages, product workflows, and trust-sensitive changes should be validated before release.
Documentation discipline
Security-relevant behavior, environment expectations, and route access should stay documented.
Security questions
Visitors and customers should have a clear path to ask security-related questions.
Security is also a shared responsibility.
Manage user access
Customers should invite the right users, remove access when roles change, and review who can see compensation workflows.
Provide accurate data
Commission outputs depend on the accuracy of sales records, plan setup, assignments, and payout inputs.
Review outputs
Customers should review commission runs, statements, disputes, and exports before relying on final outputs.
Protect credentials
Users should protect login credentials and avoid sharing access outside authorized workflows.
Report concerns
Security, privacy, or access concerns should be reported through the contact path.
Have a security question?
If you have a question about KickSplit's security posture, privacy practices, route access, or how compensation data is handled, contact us and we'll route it appropriately.