Security Summary — Public Disclosure

Security Summary
the one-pager for due diligence

The short version your InfoSec team needs first. Each line is backed by the full Trust Center evidence room. Roadmap items are labelled as roadmap — the claim never exceeds the proof.

At a glance

Area | Posture | Status
Data residency | EU-hosted infrastructure (Fly.io, EU regions) | In place
Encryption in transit | TLS 1.2+ on all public endpoints | In place
Encryption at rest | Encrypted volumes for persisted data | In place
Access control | Least-privilege, secrets in platform vault (not in repo) | In place
Logging & audit | Append-only audit log for state-changing actions | In place
Incident response | Defined severity levels + contact path | In place
GDPR / DPA | DPA available; EU data processing | In place
SOC 2 | Controls mapped; formal attestation | Roadmap
Penetration test | Independent external test | Roadmap

Posture reflects current state at time of writing; verify the live control matrix in the Trust Center before relying on any single line.

Core controls

Data handling

Data minimisation by design; retention schedule published in the Trust Center; EU processing.

Secrets

Credentials held in the platform secret store, never committed to source. No secrets in logs or client output.

Change management

Changes ship from version control; production is a reproducible deploy from the canonical branch.

AI governance

Agents run with autonomy disabled, kill-switch enabled, human decision required — separation of real vs. simulation.

Incident response

Security issues are triaged by severity and acknowledged without undue delay. Report suspected vulnerabilities to security@k0nsult.cloud. Full procedure, severity definitions, and timelines are in the Trust Center.

Responsible disclosure welcome. We will not pursue good-faith researchers who follow coordinated disclosure and avoid privacy violations, data destruction, or service degradation.

Go deeper

This is the summary. The evidence lives in the Trust Center — security architecture, GDPR, DPA, control matrix, retention, and incident response in full.
