shield // Security_Framework

Your Intelligence
Stays Sovereign

Every client receives an isolated infrastructure layer. Your deal flow, investment thesis, and proprietary signals never touch a shared environment — and are never used to train models that benefit anyone but you.

Last reviewed: June 2026  ·  Version 2.1

// Core_Guarantees

Six commitments to your fund

domain

01 — Data Sovereignty

Isolated Per-Fund Infrastructure

Each client operates on a dedicated, logically isolated environment. No shared memory, compute, or storage. Your data cannot be accessed by, or compared against, any other fund's intelligence — by design, not just policy.

block

02 — Zero Model Leakage

Your Data Never Trains Public Models

Client data — your thesis, deal flow, scoring parameters — is contractually prohibited from being used to train any model accessible by other clients or third parties. Any fine-tuning stays on your infrastructure, under your control.

lock

03 — Encryption

End-to-End Data Protection

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Pipeline outputs, Telegram delivery, and dashboard access all operate over fully encrypted channels. Backups are encrypted independently.

manage_accounts

04 — Access Controls

Minimum Necessary Access

Klymo personnel access client environments only when explicitly required for support or deployment. All access events are logged with full audit trails. MFA is mandatory for all Klymo engineers with any client system access.

verified

05 — Perimeter Hardening

Verifiable, Not Just Claimed

Every response from our infrastructure carries a strict Content-Security-Policy, one-year HSTS across all subdomains, and frame-ancestors 'none' — check it yourself with curl -I, no NDA required. API traffic is rate-limited at the edge, and known scanning tools (sqlmap, nikto, nmap, Burp Suite, Nessus) are blocked automatically before they reach the application layer.

HSTS 1yr CSP Rate-Limited Bot-Blocking
history

06 — Data Lifecycle

Clean Exit on Contract End

Client data is retained for the duration of the agreement plus 12 months for dispute resolution. Upon contract termination, a full deletion is executed within 30 days upon request, with written confirmation provided.

// Written_Protections

What's guaranteed in every contract

check_circle
No cross-client data access Architectural isolation
check_circle
No public model training on client data Contractual prohibition
check_circle
Data encrypted at rest and in transit AES-256 · TLS 1.3
check_circle
Full deletion within 30 days of contract end Written confirmation
check_circle
Audit log of all personnel access events Available on request
check_circle
Breach notification within 72 hours GDPR standard
check_circle
Enterprise on-prem / private VPC available Enterprise deployments

// Questions

Security questions before signing?

We're happy to walk your CISO or LP compliance team through our full security architecture before any commitment.

Or email directly: support@klymo.net