Security at Kirimana.

We treat security as a first-class principle, not a final review step. The contract platform exists to make AI usage, audit, and compliance the default — not the audit-trail surface for security gaps.

Reporting a vulnerability

Email security@kirimana.io with details. We respond within 72 hours. Coordinated-disclosure friendly.

What we ship by default

  • AI policy gate on every Large Language Model (LLM) call — classification-checked before reaching any provider
  • Audit redaction with a two-approver gate for GDPR Article 17 erasure
  • Vault references everywhere — Continuous Integration (CI) fails on detected plaintext
  • OpenID Connect (OIDC) Single Sign-On (SSO) pinned to your IdP; Role-Based Access Control (RBAC) enforced both at runtime and at Pull Request (PR) time
  • Multi-environment Continuous Integration / Continuous Delivery (CI/CD) with environment-scoped capabilities
  • Detection layer routing apply / SLA / drift / health events to your IT Service Management (ITSM) of record

Compliance

Generators ship in the box for:

  • Digital Operational Resilience Act (DORA)
  • European Union Artificial Intelligence Act (EU AI Act)
  • General Data Protection Regulation (GDPR), including Article 17 redaction

SOC 2 and ISO 27001 reporting are scoped under Professional Services. See /trust for the trust center — sub-processors, attestations, Data Processing Agreement (DPA).