Security

Security is not a feature. It's the foundation.

Kramaly's security posture is built into the platform architecture — not layered on after. Every capability inherits the same security guarantees.

Security Principles

Six pillars of the Kramaly security posture.

These are engineering commitments — not marketing promises. Each is verifiable through our security review process.


Encryption in Transit & at Rest

All data in transit is encrypted via TLS 1.3. Data at rest is encrypted using AES-256. Encryption keys are tenant-scoped and rotated on a defined schedule.

  • TLS 1.3 for all connections
  • AES-256 at-rest encryption
  • Tenant-scoped key management
  • Key rotation on configurable schedule

Strict Tenant Isolation

Tenant data is isolated at the schema and API level. No cross-tenant data leakage is possible by design. Each tenant's data access is enforced at the query layer — not just the application layer.

  • Schema-level data separation
  • API-layer tenant context enforcement
  • No shared data pools between tenants
  • Tenant-specific encryption keys

Least-privilege by Default

RBAC is enforced on every API call. Users receive the minimum access required for their role. Admin operations are separately gated and always logged.

  • Role-based API authorization
  • No implicit admin escalation
  • Per-module permission scopes
  • Service account least-privilege enforcement

Immutable Audit Logs

Every state change — access grants, data modifications, approvals, and admin actions — produces an immutable, structured event. Logs cannot be deleted or altered after creation.

  • Tamper-evident log structure
  • All CRUD and admin actions logged
  • Structured JSON events with context
  • Configurable retention and export

Authentication & Session Control

Kramaly supports multi-factor authentication, session timeouts, concurrent session limits, and IP-based restrictions. SSO is available via OAuth 2.0 / SAML 2.0 with your existing identity provider.

  • MFA enforced per tenant policy
  • Configurable session timeout
  • SAML 2.0 / OAuth 2.0 SSO
  • IP allowlist per tenant

Data Residency Options

For enterprises with data sovereignty requirements, Kramaly supports region-specific deployment — keeping your data within specified geographic boundaries.

  • Region-specific cloud deployment
  • On-prem option for full data control
  • No third-party AI data exposure
  • Configurable backup geography

A note on compliance certifications

Kramaly is building toward formal compliance certifications (ISO 27001, SOC 2 Type II). We will publish certification status as it is achieved — not before. We do not list certifications we do not hold.

For enterprise security reviews, we provide detailed architecture documentation, security questionnaire responses, and live review sessions with our engineering team.


Have a security questionnaire?

Send it over. Our engineering team responds to security questionnaires with verifiable answers — not marketing copy.