Security at Kinelo
Your team’s context is your most valuable asset. We built Kinelo so that AI can use it, and no one else can.
Kinelo connects to the tools where your organization’s knowledge lives. That’s a responsibility we take seriously: every architectural decision, from tenant isolation to credential encryption, starts with protecting your data.
Security by architecture, not by promise.
AI agents on Kinelo operate inside technically enforced boundaries (database-level tenant isolation, scoped API access, and customer-controlled permissions), not procedural guidelines. An agent can only see what you’ve authorized, and nothing else.
How we protect your data.
Tenant isolation, enforced at the database.
Every customer's data is segregated using row-level security, enforced by the database itself and verified by automated checks on every code change. Tenant-scoped API endpoints add a second layer.
Encryption everywhere.
All data is encrypted in transit (TLS 1.2+) and at rest. Integration tokens and credentials get an additional layer of application-level encryption: they're encrypted before they ever touch the database and decrypted only at runtime.
You control what AI can access.
Kinelo's AI agents inherit only the permissions you grant through OAuth. They can't escalate their own access, and your data is never used to train AI models. We use AI providers in inference-only mode under data processing agreements that prohibit training on customer data.
Least-privilege access, reviewed regularly.
Production access is restricted to a small set of authorized engineers, protected by multi-factor authentication and single sign-on. Direct database access is treated as a privileged operation requiring explicit authorization. Access is reviewed on a recurring schedule.
Secure development.
Every change to production goes through human code review, automated testing, static analysis, and dependency vulnerability scanning, enforced by required checks that must pass before merge. AI-generated code goes through the same review as human-written code.
Monitoring and incident response.
We maintain centralized logging with tenant-level audit trails, error and performance monitoring, external uptime monitoring, and a documented incident response plan with defined severity levels and customer notification procedures.
Resilient infrastructure.
Kinelo runs on SOC 2-certified cloud providers with automated daily backups, point-in-time recovery, autoscaling, and load balancing. We maintain documented business continuity and disaster recovery plans.
Vendor accountability.
Every vendor with access to customer data is risk-classified and reviewed annually, including verification of their SOC 2 or equivalent certifications.
Kinelo is undergoing a SOC 2 Type I audit with an independent CPA firm, covering Security, Availability, and Confidentiality. Our compliance program is continuously monitored through automated controls. Contact us for our security documentation or audit status.
Found a vulnerability? We want to hear about it. Report security issues to security@kinelo.com. We confirm and prioritize all reports, coordinate disclosure timing with you, and credit reporters with their permission.
Contact
Questions about security, compliance documentation, or our practices:
security@kinelo.com