Kynthar
ProductSecurityPricing
Log inRun a pair check

Security

Your data stays yours

Kynthar stores and analyzes your procurement data persistently. That analysis is the product. Here is exactly how we protect it, who can see it, and how you can delete it.

AI DATA HANDLING

Four commitments on how your data flows through AI

Kynthar uses frontier LLMs (Google Gemini, xAI Grok, and others) for classification, extraction, and analysis. Every provider processes your data only to serve our API requests, under enterprise API terms that prohibit training on customer data.

LLM data commitments
#CommitmentDetail
1Your data is never used to train any AI modelKynthar never trains models on your data, and our LLM providers' enterprise API terms prohibit using customer API data to train their models.
2Providers process your data only to serve our requestsPrompts and responses are used solely to return results to Kynthar, under each provider's enterprise API terms. Any transient retention is governed by those terms and is never used for training.
3No human review of your data at KyntharDocument processing is fully automated. No Kynthar analyst reads your documents.
4You can delete your data at any timeFull export and permanent deletion on request, with or without an active contract.

TENANT ISOLATION

Multi-tenant isolation enforced at the database layer.

Kynthar is a multi-tenant system. Every customer's data lives in the same database. The isolation between tenants is not a feature of the application code. It is a constraint enforced by the database engine itself.

Tenant isolation controls
#ControlDetail
1FORCE ROW LEVEL SECURITY on every multi-tenant tablePostgres RLS policies are enforced at the database engine level. There is no superuser path that bypasses RLS in the application. Every table that holds customer data carries a FORCE RLS directive.
2Every query requires app.current_company_id before any SELECT returns rowsThe database session variable must be set before any query executes. The default is NULL, which means a missing context returns zero rows, not all rows. Fail-closed by design.
3Tenant separation enforced at the database layer, not trusted from the applicationA bug in application code that forgets to scope a query cannot leak cross-tenant data. The database refuses to return rows without a valid tenant context, regardless of what the application sends.
4Verified by a 13-table integration test suite and two dedicated migrationsThe purge-tenant test suite exercises the full deletion flow against a real database across 13 tables. Migrations 0458 (tenant-purge cascade foreign-key coverage across every customer-data table) and 0459 (deferrable audit-log foreign keys so tenant purges complete cleanly) enforce and verify the deletion boundary.
5No customer can name another customer. Tenant IDs are non-enumerable.Tenant identifiers use ULID format. There is no sequential numbering, no enumerable namespace, and no API that lists tenant IDs. Cross-tenant reconnaissance is structurally impossible.

STORAGE POSTURE

Procurement intelligence requires a memory. Here is how we protect it.

Kynthar stores your documents, emails, and extracted data so it can cross-reference, detect anomalies, and compound insight over time. Persistent storage is the product. These are the controls that make it safe.

AWS RDS Postgres (us-east-2), AES-256 encrypted at rest
Database storage is encrypted at rest with AES-256, keyed and rotated by AWS KMS. Point-in-time restore is enabled.
Document storage in AWS S3 (us-east-2), AES-256 encrypted
Original and processed documents are encrypted at rest with AES-256 server-side encryption (SSE-S3). No customer document is stored unencrypted.
TLS 1.2+ enforced on every endpoint
HTTPS required at the edge. HTTP traffic is refused at the load balancer. No TLS downgrade.
Multi-tenant architecture, data never pooled across customers
Each company's data is isolated by Postgres RLS policies. No shared tables, no cross-tenant joins, no aggregate queries that touch another customer's rows.
Every insight derived from your own documents, never cross-tenant
Anomaly baselines, vendor scores, and spend patterns are computed from your data only. No benchmarking against other customers' data.

DELETION ON DEMAND

Full export and permanent deletion, any time

No lock-in. No retention traps. If you leave, your data leaves with you and then disappears from our systems entirely.

Request full export and permanent deletion at any time
With or without an active contract. No lock-in, no retention periods, no exceptions.
Deletion completes within 30 days of request
Confirmed in writing once all data has been permanently removed from active systems.
Encrypted backups age out on a fixed schedule
Database backups expire within the 7-day point-in-time restore window; stored document versions expire within 90 days. Backups containing deleted tenant data are not restorable once they age out.
Automated tenant-purge tooling with deletion confirmation
Every purge produces a row-count confirmation recording what was deleted, when, and by whom. The tooling is continuously tested via a 13-table rich-shape integration suite. Confirmation available to the departing customer on request.

SUB-PROCESSORS

A short, audited sub-processor list.

Your procurement document data touches AWS for storage and compute; Google, xAI, OpenAI, and Anthropic for AI processing; and DeepInfra for text recognition on scanned documents. Each AI provider processes data only to serve our requests, under enterprise API terms that prohibit training on customer data. Stripe handles billing data only, Google SMTP and AWS SES handle email relay. No other third parties handle customer data.

Sub-processor registry
ProviderRoleData HandledRegionCompliance
AWSInfrastructure (compute, storage, networking)All customer data at rest and in transitus-east-2 (Ohio)SOC 2, ISO 27001
GoogleLLM provider (Gemini, primary for document and email processing)Document and email text sent for processingUSSOC 2, ISO 27001 (Google Cloud)
xAILLM provider (Grok, contract extraction and fallback)Document text sent for processingUSEnterprise API terms, no training
OpenAILLM provider (embeddings and fallback)Document text sent for processingUSSOC 2 Type II
AnthropicLLM provider (Claude, select analysis tasks)Document text sent for processingUSSOC 2 Type II
DeepInfraText recognition for scanned documentsDocument page images sent for text recognitionUSAnnual vendor review
StripePayments processorBilling data only; no procurement documentsUSPCI DSS Level 1, SOC 1/2
Google (SMTP)Outbound email relayNotification emails only; no procurement documentsUSSOC 2, ISO 27001
AWS SESInbound email receiptForwarded procurement emails (text + attachments)us-east-2 (Ohio)Inherits AWS SOC 2, ISO 27001

SECURITY PRACTICES

How we protect your data, day to day.

Security is not a feature we shipped once. It is a set of practices enforced on every commit, every deploy, every hire, and every vendor relationship.

Continuous testing: 80+ deploy gates fire on every deploy
Every production change passes 80+ automated gate scripts before it can ship. Schema validation, envelope drift, RLS policy checks, dependency audits, and deployment safety scans run on every single deploy.
Penetration testing
Annual third-party penetration testing is on our 2026 roadmap. Current security testing is continuous via the deploy-gate suite, plus internal red-team exercises before each enterprise contract.
Vulnerability scanning
A dependency audit gate runs on every deploy and surfaces high and critical advisories in production dependencies for triage. Application images are rebuilt from source on every deploy. Critical advisories are patched within 24 hours, high within 7 days, per our documented SLA.
Multi-factor authentication
Required for all employee access to production systems and customer data. AWS root-account MFA and least-privilege IAM scope-down are being finalized as part of our SOC 2 control rollout.
Single sign-on
Available on Platform contracts via SAML 2.0 or OIDC. Contact security@kynthar.com to scope.
Incident response
Documented runbook with a 72-hour customer-notification SLA for any incident affecting customer data. Prometheus, Alertmanager, and automated paging ensure incidents are detected within minutes.
Employee training
Security and data-handling training on hire and annually. All employees with production access complete training before receiving credentials.
Background checks
Standard background checks for all employees with production access.
Vendor risk management
Sub-processors reviewed for SOC 2 or equivalent posture before onboarding. Current sub-processor list visible in the table above.

COMPLIANCE POSTURE

Honestly labeled. Live controls first, audits second.

SOC 2 Type I controls are implemented and enforced; the audit is on the 2026 roadmap. Not yet SOC 2 audited. ISO 27001 is also on the roadmap. What is live today: the full control set below, enforced on every deploy.

  • SOC 2 Type I (audit on the 2026 roadmap)
  • ISO 27001 (on roadmap)
  • GDPR DPA available on request
  • AWS SOC 2 / ISO 27001 at infra layer
  • No training on customer data by any LLM provider
  • AES-256 encryption at rest
  • TLS 1.2+ in transit
  • Row-level tenant isolation (RLS)
  • Daily encrypted backups with 7-day point-in-time restore
  • 72-hour incident notification SLA

RESPONSIBLE DISCLOSURE

Found a vulnerability? Tell us.

We welcome reports from security researchers. Send a brief description and reproduction steps to security@kynthar.com.

Safe harbor
We will not pursue legal action against researchers who follow responsible-disclosure practices: report privately, allow reasonable time to remediate (default 90 days), avoid privacy violations or service degradation.
Acknowledgment
Researchers who report a valid vulnerability are credited on this page (with consent) and acknowledged in our security advisories.
Machine-readable policy
Our security.txt file is published at /.well-known/security.txt per RFC 9116.

SECURITY ADVISORIES

Transparency when it matters most.

We post timestamped statements on this page when significant security events occur in our supply chain: LLM provider incidents, infrastructure provider incidents, dependency CVEs affecting Kynthar. Past statements remain visible to preserve the audit trail.

“

No security advisories have been issued to date.

Kynthar Security Team

THIRD-PARTY SECURITY GRADES

Independent, verifiable scores.

These grades are issued by third-party scanning services. Click the links to verify against the live reports.

Third-party security grades
ScannerProviderGradeWhat It TestsVerify
SSL LabsQualys SSL LabsATLS configuration, certificate chain, protocol supportssllabs.com/ssltest/analyze.html?d=kynthar.com
Security Headerssecurityheaders.comAHSTS (preload), Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, and Permissions-Policy are all enforced at the edge.securityheaders.com/?q=kynthar.com
“

Security questionnaires, SIG-Lite responses, and responsible disclosure reports welcome. We respond within one business day.

security@kynthar.com

security@kynthar.com

ComplianceControls and policiesSOC 2 alignment, policy summaries, and continuous testing.ContactTalk to usSecurity questionnaires, DPA requests, or general questions.
Kynthar

Procurement intelligence for manufacturers. Every finding ships with its receipt: the line, the price, the clause.

support@kynthar.com

Product
  • Product
  • How it works
  • For manufacturers
  • Pricing
  • Run a pair check
Tools
  • Tariff checker
  • Schedule a demo
  • Log in
Company
  • Why Procurement Intelligence
  • Security
  • Resources
  • Contact
Legal
  • Privacy
  • Terms
  • DPA

Not a document extractor. Not an ERP replacement.

© 2026 Kynthar, Inc. All rights reserved.