Security at Kolsetu
Your data security is our foundation, not a feature. Multi-region hosting, EU compliant, encrypted, and protected by industry-leading standards.
Security at a Glance
Understand our security posture in seconds
Regional Data Residency
Choose your region: EU, US, India, Israel & more
End-to-End Encryption
AES-256 at rest, TLS 1.3 in transit
ISO 27001 Certified
Independently audited security management
GDPR Compliant
Full alignment with EU data protection laws
Zero Trust Access
Role-based permissions with MFA & SSO
No Data Reuse
Your data is never used for model training
Compliance & Certifications
Independently verified, continuously maintained
ISO 27001
Information Security Management
Certified
GDPR
EU Data Protection Regulation
Compliant
EU AI Act
AI Governance Framework
Aligned
EU Data Act
Data Sharing Standards
Compliant
Security by Design
Security is embedded at every layer of the Elba platform
How Your Data Flows Through Elba
Your Users
Secure authentication
TLS 1.3 Encryption
Data in transit
Elba Platform
WAF & monitoring
AES-256 Encrypted
Data at rest
Your Data Region
EU, US, India, Israel
Identity & Access Control
- Role-based permissions (RBAC)
- Multi-factor authentication (MFA)
- SSO & LDAP integration
- Full audit logging
Data Protection
- AES-256 encryption at rest
- TLS 1.3 encryption in transit
- Customer-controlled data retention
- Secure key management
Secure Development
- OWASP Top 10 compliance
- Automated security scanning
- Mandatory code reviews
- Dependency monitoring
Threat Detection
- Real-time monitoring
- Annual penetration testing
- Vulnerability management
- Incident response procedures
Infrastructure Security
- Web application firewall (WAF)
- DDoS protection
- Network segmentation
- Intrusion detection systems
Business Continuity
- Daily encrypted backups
- Geo-redundant storage
- Disaster recovery plans
- Tested recovery procedures
Our Security Program
Comprehensive security across every aspect of operations
Privacy & Data Processing
Kolsetu processes customer data only in accordance with documented instructions. Customers remain data controllers; Kolsetu acts as data processor.
- Data minimization & purpose limitation
- Full GDPR rights support (access, rectification, erasure)
- Standard Contractual Clauses where needed
Personnel Security
All personnel undergo verification and mandatory security training. Access follows least-privilege principles.
- Background checks & confidentiality agreements
- Security awareness & phishing training
- Immediate access revocation on departure
Vulnerability Disclosure
We welcome responsible security research. Report vulnerabilities and receive acknowledgment within 48 hours.
- 48-hour acknowledgment for valid reports
- Severity-based prioritization & tracking
- Safe harbor for good-faith researchers
Hosting & Subprocessors
Multi-region infrastructure with EU compliance. We partner with AWS, Azure, and GCP under strict data protection contracts.
- Regions: EU, US, India, Israel & more
- Vetted subprocessors with security assessments
- Subprocessor list available upon request
Need Our Full Security Documentation?
Get everything you need for your security assessment and vendor due diligence process.
NDAs supported for sensitive documentation requests




