Security, privacy, and compliance — in one place.
How we protect your data, what we ship today, and where we're going. Detailed documentation is shared during procurement review.
Where we are today.
Control library
Mapped to Type II criteria. Evidence trails built into the platform.
Healthcare controls
PHI handling and BAA scope are reviewed during procurement; evidence exports remain candidate evidence for your audit.
EU operations
EU sub-processors and EU-resident model routing. Standard DPA in development.
Risk framework
Risk classification and human-oversight controls are handled as control mapping and design-partner roadmap work.
On the roadmap
Controls mapping is in progress; Kommit does not claim ISO certification today.
Future
Moderate baseline considered for the Government tier roadmap.
Not in scope
We don't process card data; redact-and-tokenize pattern for PCI-adjacent workloads.
Exploratory
Sector-specific requirements are handled case by case; Kommit does not claim CJIS certification today.
Detailed compliance documentation is shared during procurement review. Email trust@getkommit.ai to start that conversation.
How we operate.
Encrypted everywhere
AES-256 at rest, TLS 1.3 in transit, BYOK on request. No customer data used to train any model.
Zero standing access
Engineers request scoped, time-bound access to production; every action logged and reviewed monthly.
24/7 on-call
Severity-tiered SLAs, public status page, blameless postmortems shared within five business days.
See it on your stack.
30 minutes with our team. We'll walk you through governance, audit, evals — and answer everything procurement will ask. Bring your own NDA; we'll sign in 24 hours.