Compliance Certifications
Last Updated: 2 August 2025
Kai maintains rigorous compliance standards to ensure the security and privacy of your data. Below are our current certifications, audit reports, and compliance status.
SOC 2 Type II
Current - Valid through Dec 2025
Annual audit of our security, availability, processing integrity, confidentiality, and privacy controls.
GDPR Compliant
Continuously maintained
Full compliance with EU General Data Protection Regulation for data protection and privacy.
ISO 27001
In Progress - Certification Q4 2025
International standard for information security management systems (ISMS).
Penetration Testing
Quarterly assessments
Regular third-party security assessments to identify and address vulnerabilities.
Security Framework Compliance
Our security program aligns with industry-leading frameworks and standards:
NIST Cybersecurity Framework
Identify, Protect, Detect, Respond, Recover
OWASP Top 10
Web application security standards
CIS Controls
Critical security controls implementation
Cloud Provider Certifications
Kai leverages Google Cloud Platform's enterprise-grade security and compliance certifications:
- SOC 1, 2, 3 - Service Organization Control reports
- ISO 27001, 27017, 27018 - Information security standards
- PCI DSS - Payment Card Industry Data Security Standard
- HIPAA - Health Insurance Portability and Accountability Act
- FedRAMP - Federal Risk and Authorization Management Program
Regional Compliance
European Union
- GDPR - General Data Protection Regulation compliance
- Standard Contractual Clauses - For data transfers outside the EEA
- Data Processing Agreements - Available for enterprise customers
United Kingdom
- UK GDPR - Post-Brexit data protection compliance
- Data Protection Act 2018 - UK data protection law
- ICO Registration - Information Commissioner's Office
United States
- CCPA - California Consumer Privacy Act compliance
- COPPA - Children's Online Privacy Protection Act
- State Privacy Laws - Compliance with applicable state regulations
Audit & Assessment Schedule
| Assessment Type | Frequency | Last Completed | Next Due |
|---|---|---|---|
| SOC 2 Type II Audit | Annual | December 2024 | December 2025 |
| Penetration Testing | Quarterly | July 2025 | October 2025 |
| Vulnerability Assessment | Monthly | July 2025 | August 2025 |
| GDPR Compliance Review | Semi-annual | June 2025 | December 2025 |
| ISO 27001 Certification | Annual (after initial) | In Progress | December 2025 |
Enterprise Documentation
For enterprise customers and security reviews, we provide additional documentation upon request:
- SOC 2 Type II Reports - Available under NDA
- Security Questionnaire Responses - Standard and custom formats
- Penetration Test Reports - Executive summaries available
- Data Processing Agreements - GDPR-compliant DPAs
- Business Associate Agreements - For HIPAA-covered entities
- Vendor Risk Assessment - Detailed security assessments
Continuous Monitoring
We maintain continuous compliance through:
- Automated Compliance Monitoring - Real-time policy enforcement
- Regular Internal Audits - Quarterly self-assessments
- Employee Training - Ongoing security and compliance education
- Vendor Management - Regular sub-processor compliance reviews
- Policy Updates - Regular review and updates of security policies
Need Compliance Documentation?
If you need specific compliance documentation for your security review or vendor assessment, our team is ready to help.