Skip to content
Trust Center

Security, privacy, and compliance — in one place.

How we protect your data, what we ship today, and where we're going. Detailed documentation is shared during procurement review.

Compliance status

Where we are today.

SOC 2

Control library

Mapped to Type II criteria. Evidence trails built into the platform.

HIPAA

Healthcare controls

PHI handling and BAA scope are reviewed during procurement; evidence exports remain candidate evidence for your audit.

GDPR

EU operations

EU sub-processors and EU-resident model routing. Standard DPA in development.

EU AI Act

Risk framework

Risk classification and human-oversight controls are handled as control mapping and design-partner roadmap work.

ISO 27001

On the roadmap

Controls mapping is in progress; Kommit does not claim ISO certification today.

FedRAMP

Future

Moderate baseline considered for the Government tier roadmap.

PCI DSS

Not in scope

We don't process card data; redact-and-tokenize pattern for PCI-adjacent workloads.

CJIS

Exploratory

Sector-specific requirements are handled case by case; Kommit does not claim CJIS certification today.

Detailed compliance documentation is shared during procurement review. Email trust@getkommit.ai to start that conversation.

Security at a glance

How we operate.

Data

Encrypted everywhere

AES-256 at rest, TLS 1.3 in transit, BYOK on request. No customer data used to train any model.

Access

Zero standing access

Engineers request scoped, time-bound access to production; every action logged and reviewed monthly.

Operations

24/7 on-call

Severity-tiered SLAs, public status page, blameless postmortems shared within five business days.

Get in touch

See it on your stack.

30 minutes with our team. We'll walk you through governance, audit, evals — and answer everything procurement will ask. Bring your own NDA; we'll sign in 24 hours.