Trust & Security

Built to be trusted with the work that matters.

Kirality runs the busywork of regulated, real-world businesses — clinics, firms, practices, shops. That only works if your data is safe and every move is accountable. Here's exactly how we protect it, in plain terms.

Encryption at rest

Sensitive data — credentials, business records, PHI — is stored as AES-256-GCM ciphertext. A raw database or backup dump never exposes plaintext.

Per-tenant keys

Every workspace gets its own key, derived (HKDF) from a platform master held in a KMS. One tenant’s key cannot decrypt another’s data — isolation is cryptographic, not just logical.
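What the per-tenant derivation described above can look like in Node.js, as an added example that is not Kirality's own code. It assumes HKDF-SHA256, a locally generated master key standing in for the KMS-held one, and a constructed info label, tenant IDs and record; binding the tenant ID as GCM associated data is also an assumption of this sketch.

```javascript
// Added example: per-tenant AES-256-GCM keys derived with HKDF-SHA256.
// Assumptions (not from the page): the master key below is a local random
// value standing in for a KMS-held secret; tenant IDs, the info label and
// the sample record are constructed.
const nodeCrypto = require('node:crypto');

const MASTER_KEY = nodeCrypto.randomBytes(32); // stand-in for the KMS master

// Derive a 32-byte key bound to one tenant through the HKDF "info" input.
function deriveTenantKey(master, tenantId) {
  const info = Buffer.from(`tenant-data-key:v1:${tenantId}`, 'utf8');
  const salt = Buffer.alloc(32); // fixed zero salt; the master is already random
  return Buffer.from(nodeCrypto.hkdfSync('sha256', master, salt, info, 32));
}

// Encrypt with a fresh 96-bit nonce; the tenant ID is authenticated as AAD.
function encryptRecord(key, tenantId, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(tenantId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when GCM tag verification fails.
function decryptRecord(key, tenantId, { iv, ct, tag }) {
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAAD(Buffer.from(tenantId, 'utf8'));
    decipher.setAuthTag(tag);
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // wrong key or wrong tenant binding: nothing is released
  }
}

function demo() {
  const keyA = deriveTenantKey(MASTER_KEY, 'tenant-a');
  const keyB = deriveTenantKey(MASTER_KEY, 'tenant-b');
  const record = encryptRecord(keyA, 'tenant-a', 'constructed sample record');
  return {
    keysDiffer: !keyA.equals(keyB),
    ownerReads: decryptRecord(keyA, 'tenant-a', record),
    otherTenantReads: decryptRecord(keyB, 'tenant-b', record),
    wrongAadReads: decryptRecord(keyA, 'tenant-b', record),
  };
}
```

Because the derivation is deterministic, tenant keys do not need to be stored: they can be re-derived from the master and the tenant ID whenever a record is read.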

Database-level isolation

Row-Level Security enforces tenant_isolation on every tenant table inside Postgres itself. Even an application bug cannot read across workspaces.

Glass-box audit ledger

Every sensitive and AI-taken action is recorded in an append-only audit trail you can read — who did what, when. The AI proves every move.

HIPAA-aligned retention

Health data is retained for the required window and hard-destroyed on schedule. Offboard and your data is purged on the clock, not forgotten in a backup.

You own your data

Export everything at any time, or delete it. No lock-in, no hostage data. Your business, your records.

Healthcare & BAA

For healthcare workspaces, Kirality acts as your Business Associate under a signed BAA. Our delivery team operates only through the AI with patient information masked at the human layer, access is least-privilege and fully audited, and PHI is encrypted at rest with a per-tenant key. Ask your account manager for your executed BAA and current subprocessor list.
