ISO 27001:2022 alignment

Status: in progress

Klai is aligning its information security management system with ISO 27001:2022. We are not yet certified. We use “aligned” deliberately: we have mapped every Annex A control to our infrastructure, identified the gaps, written policies to close them, and are working through that plan.

For enterprise customers evaluating Klai, this means:

  • A formal Statement of Applicability exists and is available on request.
  • Every control has been assessed against our actual infrastructure, not a generic checklist.
  • Gaps are identified, documented, and have remediation plans with owners.
  • We treat security as an ongoing engineering discipline, not a checkbox exercise.

Control coverage

Our current assessment against the 93 controls in ISO 27001:2022 Annex A:

Category              Controls   Covered   Partial   Gap
A.5 Organizational          37        19        17     1
A.6 People                   8         3         4     1
A.7 Physical                14        12         2     0
A.8 Technological           34        25         9     0
Total                       93        59        32     2

63% fully covered. 35% partially covered. 2% identified gap.

The two identified gaps are A.5.6 (Contact with special interest groups) and A.6.1 (Screening). Both have remediation plans in progress.

Partial coverage means the control is implemented but documentation, monitoring, or process formalization is not yet complete. We are closing these systematically.


How our stack implements security

Security is baked into the infrastructure. It is not a layer we added later; it is a result of the choices we made when we started building Klai.

EU-only data residency. All compute and storage runs on Hetzner infrastructure in Finland. No data leaves the EU. No replication to non-EU regions. No fallback to US cloud providers.

Zero US cloud dependency. We do not use AWS, Azure, or GCP for any part of the data path. This eliminates CLOUD Act exposure entirely. No US government agency can compel disclosure of your data through our infrastructure providers.

EU-based external AI inference. For queries that require models we do not run locally, inference routes through Mistral AI, a French company subject to EU law. Account identities and billing data are never included in these API calls. Mistral does not retain query data after inference is complete. See our sub-processor list for details.

Full open-source stack. Every component in the Klai platform is open source and auditable. LibreChat, vLLM, LiteLLM, Zitadel, Caddy, VictoriaLogs, GlitchTip. You can inspect every line of code that touches your data.

Encryption in transit and at rest. All traffic is encrypted via TLS, terminated at Caddy. Storage uses Hetzner encrypted volumes. There is no unencrypted data path.

Tenant data isolation. Chat data and user content are stored in tenant-specific namespaces. Some infrastructure components, like authentication and monitoring, run on shared infrastructure with strict access controls. This is a partial multi-tenant architecture: core data stores are isolated per tenant, not just logically separated by row-level filters.

Privacy-first audit logging. Every significant system event is logged to VictoriaLogs. Application errors and exceptions are tracked in GlitchTip. Logs record user and session identifiers rather than usernames or personal data. That is a deliberate privacy-by-design choice: logs stay useful for incident investigation without exposing personal information.

GDPR by design. Data minimization, purpose limitation, and storage limitation are built into the platform architecture. A Data Processing Agreement is available on request.

Zero-trust identity. Authentication runs through Zitadel with OpenID Connect. Multi-factor authentication is supported and recommended. Session management follows current best practices for token rotation and expiry.


Documentation set

We maintain a formal security documentation set aligned with ISO 27001 requirements:

  • Statement of Applicability: maps all 93 Annex A controls to our implementation status. Available on request under NDA.
  • 10 policy documents covering information security, access control, incident response, asset management, supplier relationships, and the identified gap areas.
  • Asset register that lists all information assets, their classification, and their owners.
  • Incident response runbook with defined escalation paths, communication procedures, and a post-incident review process.
  • Annual security review. Policies and controls are reviewed, tested, and updated at least once per year.