Fraud prevention
Approved contacts only. A closed system.
The Ken only accepts calls and messages from contacts that you, the family member, have explicitly approved through the portal. There is no email on the device, no web browser, no app store, and no way for an unknown caller or sender to reach your loved one.
This closed-contact model is our primary defence against telephone fraud, scam calls, and phishing messages. If a person is not on the approved contact list, they cannot make contact. You can add or remove contacts remotely at any time from the family portal or the app.
- No unknown callers — only approved contacts can initiate a video call
- No unsolicited messages — only approved contacts can send messages to the device
- No email — there is no email client on the device, eliminating phishing entirely
- No web browser — no risk of malicious links, pop-ups, or fraudulent websites
- No app store — no risk of accidental downloads, subscriptions, or in-app purchases
- No ads, no pop-ups — the device shows only what matters, nothing designed to distract or sell to your loved one
- Family-controlled — only authorised family members and carers can modify the approved contact list
How we protect your data
Medical information is always protected.
Medical information is encrypted using AES-256 and stored in Cloudflare's EU data centres. Only authorised carers and administrators can access it. We never share medical data with AI or third parties. All access is logged and auditable.
- AES-256 encryption for all medical data at rest
- PII tokenisation -- personal identifiers stored separately with additional encryption
- HTTPS everywhere -- all data encrypted in transit
- Role-based access control -- only authorised carers and administrators can view medical information
- Comprehensive audit logging -- every access to medical data is recorded
- 7-day session timeouts with multi-factor authentication for privileged accounts
- Cloudflare edge protection against DDoS and other network attacks
Vulnerability disclosure
Found a security issue? Tell us.
We welcome reports from security researchers and members of the public. If you believe you have found a vulnerability in The Ken device, the portal, the family app, or our cloud services, please contact us before disclosing it publicly.
How to report
Email security@theken.uk with a clear description of the issue, the steps to reproduce it, and the potential impact. A machine-readable copy of this policy is published at /.well-known/security.txt.
What we promise
- We will acknowledge your report within one working day
- We will give you a substantive response within five working days
- We will keep you informed as we work on a fix
- We will credit you publicly on this page if you wish, once the issue is resolved
- We will not take legal action against researchers who report in good faith and follow this policy
What we ask
- Give us a reasonable time to fix the issue before disclosing it publicly. Ninety days is our default, less if the issue is already public, more if the fix is genuinely complex
- Do not access, modify, or delete data that does not belong to you
- Do not run automated scanners against the production environment without prior agreement
- Do not test denial of service, social engineering, or physical attacks
- Do not publish or share the issue until we have agreed it is safe to do so
Out of scope
- Issues in third-party services we use (Cloudflare, Netlify, Resend, Twilio) - please report to the vendor directly
- Reports generated solely by automated scanners with no demonstrated impact
- Missing security headers without a demonstrated exploit
- Self-XSS, clickjacking on pages without sensitive actions, or rate limiting on non-authentication endpoints
Privacy policy
Your privacy matters.
We collect only what is needed to operate The Ken and keep your loved one connected. All personal and medical data is encrypted, stored in EU data centres, and never shared with advertisers or AI services.
Our full Privacy Policy is available on the Privacy Policy page.
Terms & conditions
Terms of use.
By using The Ken device and portal, you agree to our terms of service. These cover your subscription, our responsibilities, data handling, and your rights under UK consumer law.
Our full Terms & Conditions are available on the Terms & Conditions page.