Security
Security built into every workflow
Keelstar holds the documents that prove your business is compliant. Protecting them — and being able to show what happened to them — is the core of the product, not an afterthought.
Encryption and storage
Data is encrypted in transit and at rest. Documents and records are stored on managed, access-controlled infrastructure, with backups and retention configurable to your needs.
Access controls
Role-based permissions govern who can view and act on each workflow. Access is granted by role and is fully auditable, so adding or removing access is a single, recorded decision.
Audit logging
Audit logging is built into every workflow. Every meaningful action — request, edit, approval, export — is recorded with an actor and timestamp, and can be exported as evidence.
Application security
We follow secure development practices, review changes before release, and monitor for issues. Security testing and dependency review are part of our process.
Privacy and data handling
You own your data. We process it to provide the service, support exports at any time, and honor deletion requests. We do not sell your data.
Incident reporting
If you believe you've found a security issue, contact us at security@keelstar.com. We investigate reports promptly and will keep you informed.
Future compliance artifacts
Built with room for what's next
We don't claim certifications we don't hold. As formal attestations such as SOC 2 are completed, they'll be published here. In the meantime, product security and data-handling details are available on request, and audit logging is built into every workflow.