Security & Trust

Your most sensitive data deserves more than a promise.

Kerdour holds the confidential core of how an organisation operates — deal flow, financials, data rooms, payment instructions. This page sets out, in plain terms, exactly how that material is protected, and is honest about what is in place today versus what is still maturing.

EU-hosted infrastructure Encrypted in transit & at rest No third-party model training Access is consented & logged
Last updated 5 June 2026
01

How your data is protected

Confidentiality by architecture

The people who operate Kerdour cannot casually read your work. The platform's own operations surface sees metadata only — counts, timings, costs — never the content of a document, message, or memo.

  • The internal operations console is restricted to metadata: it shows that a process ran and what it cost, never what it was about.
  • Reading your actual content requires a break-glass grant that is scoped to one purpose, time-boxed, reason-logged, and visible to you — there is no silent backdoor.
  • Every record is bound to the organisation that owns it; cross-organisation reads are blocked at the data layer, not just the interface.

AI you can trust

AI is a tool inside your organisation, not a window out of it. The AI reads your data to serve you — but your content is never used to train models, and every interaction runs behind a hard trust boundary.

  • Your content is never used to train third-party models, and never used to improve Kerdour across customers without your explicit opt-in.
  • Using your data to answer your questions is not training — your content stays yours and is never absorbed into a model.
  • Every document the AI reads is wrapped in a prompt-injection trust boundary, so instructions hidden inside a third party's file cannot hijack the system.
  • A per-organisation AI kill-switch can halt all model activity instantly.
  • Human notes are treated as facts to weigh, never as commands to obey — the AI cannot be talked into a conclusion.

Access control & isolation

Each organisation's data lives behind its own boundary. Roles are least-privilege, and elevated access is the exception, recorded every time.

  • Per-organisation isolation enforced on every read and write.
  • Role-based access with least privilege, separating everyday users from administrators.
  • Every privileged action is written to an append-only audit log.

Data protection

Data is encrypted in transit and at rest, and the handful of secrets that matter are never stored in a form that can leak.

  • TLS 1.2+ on every connection.
  • Encrypted, regularly-tested backups.
  • Access tokens (share links, signing) stored only as one-way hashes — the plaintext is shown once and never persisted.
  • Every uploaded file is content-inspected server-side before storage; declared file types are never trusted.

Infrastructure

Kerdour runs on dedicated European infrastructure, isolated per deployment, behind a single hardened gateway.

  • Hosted in the EU (OVHcloud, France).
  • Dedicated database per deployment — no shared multi-customer database engine.
  • Containerised services with a tight, auditable surface.

Email & domain security

Outbound mail is authenticated and constrained so it cannot be spoofed or mis-sent.

  • SPF, DKIM and DMARC published and enforced on the kerdour.com domain.
  • Outbound recipients are allow-listed — the system will not email outside controlled domains by default.
02

Controls & certifications

We’d rather tell you the truth than show you a wall of badges. The controls above the line are live today; the certifications below are an honest roadmap — we don’t claim what we don’t hold.

EU data residencyIn place
All customer content is stored and processed in the EU (France).
Encryption in transit & at restIn place
TLS 1.2+ in transit; encrypted backups at rest.
Per-organisation data isolationIn place
Each organisation's data is logically separated and access is org-scoped at the query layer.
Access audit loggingIn place
Append-only log of privileged actions.
Consented, logged content accessIn place
Any access to customer content is scoped, time-boxed, logged and visible to the customer (break-glass).
No third-party model trainingIn place
Customer content is never used to train third-party models.
Prompt-injection trust boundary on AI inputsIn place
Applied to every document the AI reads.
GDPR-aligned data handling / DPAIn place
Privacy Policy + DPA published; self-serve data export; counter-signed DPA on request.
Independent penetration testPlanned
Planned with a third-party assessor before onboarding external customers.
ISO/IEC 27001In progress
Our target first certification. Controls aligned to the standard; formal audit not yet held.
ISO/IEC 42001 (AI management)In progress
The emerging standard for responsible AI governance. Our framework is drafted; certification to follow.
SOC 2 Type IIIn progress
Offered where a customer requires it. Controls aligned; formal attestation not yet held.
03

Subprocessors

The third parties Kerdour relies on to deliver the service. Video calls are self-hosted on our own infrastructure, not a third-party provider.

AnthropicAI inference providerUS
OVHcloudCloud hosting & infrastructureEU (France)
ResendTransactional / outbound email deliveryUS / EU

Incident response & disclosure

If something goes wrong, you hear it from us. We commit to notifying affected customers promptly on confirmation of a material security incident — what we know, and what we’re doing about it. Found something? Tell us at security@kerdour.com.

Doing diligence on Kerdour?

We’ll share the full security pack — architecture detail, the subprocessor list, our DPA and answers to your security questionnaire — under NDA.

Request the security pack
or email security@kerdour.com directly