[ Trust / Security ]
Security is the product. And the practice.
We sell security tools, so we hold ourselves to a higher bar. Reports available under NDA.
Encryption
AES-256 at rest, TLS 1.3 in transit. Customer-managed keys (BYOK) available for Enterprise.
Access control
MFA required on every employee account. SSO/SAML/SCIM for customers. Least-privilege everywhere.
Certifications
SOC 2 Type II (current), ISO 27001:2022, GDPR, HIPAA-ready, PCI-DSS controls mapped.
Infrastructure
Hardened Cloudflare edge + AWS multi-AZ. No long-lived credentials. Daily encrypted backups.
Monitoring
24/7 SOC, real-time threat detection on all production systems, audit logs retained 7 years.
Vulnerability mgmt
We use Kagliostro on Kagliostro. Continuous scanning, < 24h SLA on critical findings.
Compliance reports
- · SOC 2 Type II — issued Jan 2026, valid through Jan 2027
- · ISO 27001:2022 — certificate #IS-789432, valid through Mar 2027
- · Penetration test report — Q1 2026, conducted by NCC Group
Request copies: trust@kagliostro.cloud