Security Practices

How We Protect Your Data

Security is built into every layer of our platform, from how we store your data to how your team accesses it. Here is exactly what we do.

Encryption

All data is encrypted in transit and at rest. No exceptions.

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • Secrets managed via environment variables, never stored in code
  • Database connections encrypted end-to-end

Access Controls

  • Enterprise SSO via WorkOS (SAML 2.0 and OIDC)
  • Role-based access control: owner, admin, member
  • Per-agent access gating with org-level allow lists
  • Session management with automatic expiry

Data Isolation

  • Every database query scoped to your organization ID
  • No cross-tenant data access, enforced at the query layer
  • Separate agent configurations and knowledge bases per org
  • We never train models on customer data

Audit & Compliance

Full visibility into platform activity. Built for compliance from the start.

  • Every mutation logged with user, action, target, and timestamp
  • Admin dashboard for reviewing platform activity
  • SOC 2 Type II certification in progress
  • GDPR-aligned data handling practices

Infrastructure

Where your data lives and how it's served.

Backend

Convex: serverless with automatic scaling and built-in ACID transactions

Auth Provider

WorkOS AuthKit: enterprise SSO, directory sync, MFA support

Hosting

Self-hosted VPS with Cloudflare CDN, WAF, and DDoS protection

Report a Vulnerability

Found a security issue? We respond to all reports within 48 hours and will keep you updated on resolution progress.

security@karigor.ai

Need More Detail?

We're happy to walk through our security architecture, share compliance documentation, or answer specific questions from your team.