Security & Compliance

Enterprise-grade security, out of the box.

Your company's institutional knowledge is sensitive. Kavra is built from the ground up to protect it — with encryption, access control, and compliance you can trust.

SOC 2 Type II: In Progress
GDPR: Compliant
HIPAA: Planned Q4
ISO 27001: Roadmap

Always On

Encryption

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Encryption keys are rotated automatically and never shared.

  • AES-256 encryption at rest
  • TLS 1.3 for all data in transit
  • Automatic key rotation
  • Zero plaintext storage

RBAC

Access Control

Role-based access control (RBAC) lets admins define exactly who can see what. Granular permissions down to the client and project level.

  • Role-based access control (RBAC)
  • Admins control who sees what
  • Per-client and per-project permissions
  • Automatic access revocation on role change

Enterprise

Single Sign-On

SAML 2.0 SSO support for enterprise plans. Works natively with Okta, Azure Active Directory, and Google Workspace — no custom integration required.

  • SAML 2.0 SSO support
  • Okta, Azure AD, Google Workspace
  • Automatic user provisioning
  • Forced SSO enforcement option

Full Trail

Audit Logs

Every search, access, change, and permission modification is logged and immutable. Export audit logs at any time for compliance review.

  • Every search and access logged
  • Immutable audit trail
  • Export to CSV or SIEM
  • Retained for 24 months (Enterprise)

In Progress

Compliance Roadmap

We take compliance seriously and are working toward industry certifications to give your team and clients confidence.

  • SOC 2 Type II — in progress
  • GDPR compliant
  • HIPAA — planned Q4
  • ISO 27001 — on roadmap

US & EU

Data Residency

Choose where your data lives. Kavra supports US and EU data regions — all data stays within your selected region with no cross-region transfers.

  • US (us-east-1) or EU (eu-west-1)
  • No cross-region data transfer
  • Region selection at onboarding
  • Enterprise: custom region on request

Your data never trains our models

Kavra uses AI to power search and generation within your organization's data — but we never use your company's information to train shared models. Your knowledge stays yours.

Penetration tested annually

Our infrastructure undergoes annual third-party penetration testing and quarterly security reviews. Reports available to Enterprise customers on request.

Have specific security requirements?

Enterprise customers get a dedicated security review and custom compliance documentation.