Security overview
Understand how Kabaido isolates, encrypts and protects your commercial data.
Commercial data is competitive data. Kabaido is built tenant isolated from the first table, so your requests, quotes, customers and catalogue stay yours. This section documents the practices in force today, in enough detail for a security review. We publish practices rather than badges, so you can assess them now.
The model in one view
| Layer | Practice |
|---|---|
| Isolation | Every row is organisation scoped with database enforced row level security. Storage paths are tenant prefixed. |
| Encryption | TLS in transit, AES-256 at rest and application layer encryption for integration credentials. |
| Access | Five roles enforced at the database, owner safeguards and an audit log of administrative actions. |
| AI | Anthropic only, configured for zero retention. No training on customer data. Every value cited, never guessed. |
| Hosting | Data resides in the United Kingdom region of our infrastructure providers. |
| Payments | Stripe holds card details. Kabaido never sees or stores them. |
| Your data | Full export anytime and deletion on request. |
Sealed Tenancy tiers
| Tier | What it gives you |
|---|---|
| Standard | Organisation scoped isolation on shared infrastructure, on every account. |
| Sealed | Dedicated project isolation for Enterprise. Talk to us. |
| Sovereign | Customer held keys for Enterprise. Talk to us. |
Assurance roadmap
ISO 27001 and SOC 2 programmes are on the roadmap. We publish our practices today rather than badges, so you can assess them now.
The rest of this section goes deeper: tenant isolation and access control, encryption and credential handling, how the AI handles your data, compliance and UK GDPR, platform and payment security, and how to export or delete everything.