Trust & Security
Enterprise-grade security for your data
JustKalm is built with security at its core. We maintain rigorous compliance standards and implement industry-leading security practices to protect your data.
Compliance & Certifications
Independent audits and regulatory compliance
SOC 2 Type II
Annual audit by an independent third party. Controls verified for security, availability, and confidentiality.
GDPR
Full compliance with EU General Data Protection Regulation. Data processing agreements available.
CCPA
California Consumer Privacy Act compliant. Consumer rights fully supported.
ISO 27001
Information security management certification in progress. Expected Q2 2025.
HIPAA
Health data compliance planned for healthcare/wellness product integrations.
PCI DSS
Level 1 Service Provider. All payment data handling via certified providers.
Security Features
Defense in depth with multiple layers of protection
End-to-End Encryption
All data encrypted in transit (TLS 1.3) and at rest (AES-256). Zero-knowledge architecture for sensitive data.
API Key Management
Scoped API keys with granular permissions. Key rotation, expiration policies, and usage monitoring.
Multi-Factor Authentication
MFA required for all dashboard access. Support for TOTP, WebAuthn, and hardware security keys.
Role-Based Access Control
Fine-grained permissions with predefined roles. Custom role creation for enterprise accounts.
Audit Logging
Comprehensive audit trails for all API calls and dashboard actions. 90-day retention, exportable logs.
Vulnerability Management
Continuous security scanning, regular penetration testing, and responsible disclosure program.
Infrastructure Security
Enterprise cloud architecture with high availability
Multi-Region Deployment
Primary infrastructure in AWS us-east-1 with failover to us-west-2 and eu-west-1.
Database Security
PostgreSQL with encryption at rest, automated backups, and point-in-time recovery.
DDoS Protection
Cloudflare Enterprise for DDoS mitigation, rate limiting, and WAF protection.
Zero-Trust Network
Segmented VPC architecture with no public database access. All internal traffic encrypted.
Data Privacy
How we handle and protect your data
Data Minimization
We collect only the data necessary for our services: product URLs and metadata. No PII is stored by default.
Data Retention
API request logs retained for 90 days. Valuation cache for 30 days. Full data deletion on account closure.
Data Location
Data processed in US and EU regions. EU customers can request EU-only data residency.
Sub-processors
Vetted list of sub-processors available upon request. 30-day notice for new sub-processor additions.
Incident Response
Our security team operates 24/7 with defined incident response procedures:
- 15 minutes: Initial triage and severity assessment
- 1 hour: Customer notification for high-severity incidents
- 24 hours: Preliminary incident report
- 5 days: Full post-mortem and remediation plan
Responsible Disclosure Program
We appreciate security researchers who help us keep JustKalm secure. If you discover a vulnerability, please report it responsibly.
Business Continuity
Ensuring availability and reliability at all times
Automated Backups
Continuous replication with point-in-time recovery. Daily snapshots retained for 30 days.
Geographic Redundancy
Multi-region deployment with automatic failover. Recovery time objective (RTO) under 15 minutes; recovery point objective (RPO) under 5 minutes.
Disaster Recovery
Tested DR plan with annual exercises. Full system recovery capability within 4 hours.
Have Security Questions?
Our security team is available to answer your questions, provide audit reports, and discuss your specific compliance requirements.