Trust, Security & Privacy
Last updated: June 20, 2026
Our commitment
Krypsis is a multi-tenant GRC platform. We treat customer data as confidential by default and design our controls so that tenants only see their own data.
Access & tenancy
- Row-level security is enabled on all customer data tables.
- Tenant isolation is enforced server-side on every API call.
- Role-based access control (super_admin, tenant_admin, members).
- Authentication via email/password and Google SSO.
Data protection
- Encryption in transit (TLS) and at rest.
- Secrets stored in a managed secrets vault, never in source.
- Uploaded evidence and SBOMs stored in private buckets.
Privacy
We collect only the data needed to operate the service. Tenant administrators can request export or deletion of their tenant's data.
Reporting an issue
Please report suspected vulnerabilities or data concerns to your Krypsis account contact. We acknowledge reports within two business days.