Security at Kagliostro

Operator. Kagliostro Cloud is operated by KAMALOKA AI TECHNOLOGIES LLC ("Kamaloka", "we", "us"). Registered in Delaware, United States. Contact: legal@kagliostro.io.

We are a security company. Our own security posture is a feature.

Certifications

SOC 2 Type II (audited annually). ISO 27001 (in progress, Q4 2026). PCI DSS not applicable — we don't store cardholder data.

Application security

SDLC includes mandatory peer review, automated SAST on every PR, dependency scanning, secret detection, and weekly DAST against staging.

Infrastructure

Multi-AZ AWS deployment, isolated VPCs, KMS-managed encryption keys, automated backups with point-in-time recovery, and 24/7 on-call.

Access control

SSO for employees, hardware MFA mandatory, least-privilege IAM, just-in-time access for production, all access logged and reviewed.

Responsible disclosure

Found a vulnerability? Email security@kagliostro.io with PGP encryption. We respond within 24 hours and credit researchers on our Hall of Fame.