Built to pass your security review.
Kanonik holds your compliance record, so we hold ourselves to the bar you would hold any vendor that touches it. This page is for the person who signs off before you connect: what we protect, how we protect it, what we store, and who we rely on.
Reviewing us for a deal? Email [email protected] and we will answer your questionnaire directly.
How your record is protected
The product is the protection. Every one of these is enforced by the system, not by policy alone.
A human approves every external write
Nothing reaches your record on the AI's say-so. Each change your AI proposes is checked by a server-side reviewer, then waits for a one-click approval from a real person on your side. The approval is single-use, time-limited, and signed. There is no path that skips it.
The reviewer runs on our servers, not in the chat
The check that decides whether a change is safe to apply runs inside our platform, server-side. The AI in your chat window cannot turn it off, talk it down, or route around it.
Your audit log is tamper-evident
Every change is recorded in an append-only log where each entry is cryptographically chained to the one before it and the chain is sealed with a FIPS 140-3-validated signing key. If anyone altered or removed a past entry, the chain would no longer verify, and you can run that verification yourself, offline, from any export.
Each workspace is cryptographically isolated
Your data is encrypted at rest with a key that belongs to your workspace alone, wrapped by a second key held in a dedicated secrets vault. Database-level row security keeps one workspace's data unreachable from another's, enforced at the data layer, not just in application code.
You bring your own AI model
Kanonik never hosts the AI doing your compliance work. You connect the model you already use through a standard, OAuth-protected connection. We never see your model provider's keys, and we never hold the credentials to your source systems. Your AI reaches those through its own connections, not ours.
Modern, validated cryptography end to end
Browser traffic uses TLS 1.3. Traffic between our internal services is mutually authenticated and encrypted. Sign-in uses OpenID Connect. Every signing, key-wrapping, and hashing step in a security-critical path uses FIPS 140-3-validated cryptography.
What we store, and what we never touch
Kanonik stores the compliance record, not your evidence and not your systems. The distinction is deliberate.
What Kanonik stores
- Your typed compliance model: policies, controls, risks, mappings, audit sessions, findings, and the like.
- References to where your evidence lives (links and identifiers), not the evidence content itself.
- The tamper-evident audit log of every proposal, review verdict, approval, and committed change.
- Your workspace profile and the owner contact, encrypted with your workspace key.
What Kanonik never holds
- Your AI model or its provider keys. You bring your own model.
- Credentials to your source systems (code hosts, ticketing, identity, chat). Your AI reaches those through its own connections.
- The raw contents of your evidence systems. We keep references, not copies.
- Card details on our servers. Payment is handled by our payment processor, never stored by us.
Who we rely on
Kanonik runs on a small, deliberate set of infrastructure providers. We keep this list current; material changes are communicated to customers in advance.
| Provider | Purpose | Data |
|---|---|---|
| Oracle Cloud Infrastructure | Cloud hosting: compute, managed database, storage. | Your compliance model and audit log, encrypted with your workspace key. |
| OpenBao | Secrets vault that holds the keys that wrap your workspace encryption. | Encryption-key material only. No compliance content. |
| Keycloak | Sign-in and identity (OpenID Connect). | Account identity: email and workspace membership. |
| Stripe | Payment processing. | Billing and card details, held by Stripe, never stored by Kanonik. |
Your AI model provider is chosen and operated by you, not by Kanonik. Because you bring your own model, your model provider is your sub-processor, not ours. We never send your data to a model we host.
Where your data lives, and for how long
Encryption & residency
Your workspace data is encrypted at rest with a key unique to your workspace and in transit with TLS 1.3. Data is hosted in our cloud provider's managed regions. If your review requires a specific region or a dedicated-tenancy arrangement, raise it with us before you sign, and we can scope it.
Retention
Your audit log is retained for seven years to meet the evidence window auditors expect, and it is append-only by design, so entries are never edited or deleted in place. If you close your workspace, we provide a full signed export of your record and then remove your data on the schedule set out in your agreement.
Sign a DPA before you connect
If you process personal or regulated data through your compliance program, you need a Data Processing Agreement in place. We make that a step in onboarding, not an afterthought.
Our standard DPA covers the roles of each party, the categories of data processed, our security commitments, sub-processor handling, and breach notification. Request a copy and we will send it for review and signature.
We are wiring an in-product e-signature step into onboarding. Until that lands, request and sign the DPA by email. Same document, same commitments.
What we are building toward, stated plainly
We would rather you trust what we say than be impressed by what we imply. Here is what is planned but not yet in place.
- SOC 2Not yet certified. Our controls are built to support a SOC 2 examination, and it is on our roadmap. We will not describe ourselves as SOC 2 certified until a report exists.
- FedRAMP ModerateNot authorized. The platform is engineered to the FedRAMP Moderate standard from the ground up, and federal authorization is a deliberate, later-stage goal, not a claim we make today.
- Framework coverageISO 27001:2022 is the framework loaded today. SOC 2 is the next framework we will add. We will not imply coverage of a framework your workspace cannot actually use.