Kerdour holds the confidential core of how an organisation operates — deal flow, financials, data rooms, payment instructions. This page sets out, in plain terms, exactly how that material is protected, and is honest about what is in place today versus what is still maturing.
The people who operate Kerdour cannot casually read your work. The platform's own operations surface sees metadata only — counts, timings, costs — never the content of a document, message, or memo.
AI is a tool inside your organisation, not a window out of it. The AI reads your data to serve you — but your content is never used to train models, and every interaction runs behind a hard trust boundary.
Each organisation's data lives behind its own boundary. Roles are least-privilege, and elevated access is the exception, recorded every time.
Data is encrypted in transit and at rest, and the handful of secrets that matter are never stored in a form that can leak.
Kerdour runs on dedicated European infrastructure, isolated per deployment, behind a single hardened gateway.
Outbound mail is authenticated and constrained so it cannot be spoofed or mis-sent.
We’d rather tell you the truth than show you a wall of badges. The controls above the line are live today; the certifications below are an honest roadmap — we don’t claim what we don’t hold.
The third parties Kerdour relies on to deliver the service. Video calls are self-hosted on our own infrastructure, not a third-party provider.
If something goes wrong, you hear it from us. We commit to notifying affected customers promptly on confirmation of a material security incident — what we know, and what we’re doing about it. Found something? Tell us at security@kerdour.com.
We’ll share the full security pack — architecture detail, the subprocessor list, our DPA and answers to your security questionnaire — under NDA.
Request the security pack