
Trust & compliance

Built so your security and legal teams can say yes.

Kavanah is designed for teams that work with regulated industries, sensitive client data, and procurement processes that ask hard questions. Here's where we stand.

Encryption everywhere

TLS 1.2+ in transit, AES-256 at rest. Per-workspace key separation for sensitive fields.

Immutable audit logs

Every read/write/admin action recorded. Database-enforced immutability. Configurable retention up to 7+ years.

GDPR / DSAR ready

Export or erase a subject's data on request. Consent records and Data Processing Addenda built in.

Legal hold & eDiscovery

Freeze deletion of specific projects, users, or workspaces under litigation. Search and export across messages, tasks, and audit logs.

Certifications & artifacts

Some artifacts are shared under NDA. Submit a request and our security team will respond within two business days.

SOC 2 Type II

In observation period

Independent attestation of our security, availability, and confidentiality controls. The full report is available under NDA on request.

  • Annual Type II audit by a licensed CPA firm
  • Covers access control, change management, incident response, monitoring
  • Bridge letter and gap analysis available for active engagements

ISO/IEC 27001

Targeting Q4 2027

International standard for an Information Security Management System. We are aligning our control framework now and pursuing formal certification.

  • Statement of Applicability mapped to Annex A controls
  • Risk assessment cadence aligned to SOC 2 program
  • Pre-certification readiness review available to enterprise customers

HIPAA BAA

Available on Enterprise

Business Associate Agreement for healthcare customers handling Protected Health Information (PHI). Covers safeguards, breach notification, and subcontractor handling.

  • Signed BAA before any PHI is processed
  • PHI fields can be classified and access-restricted via Data Governance
  • Audit logs and legal hold meet 6-year HIPAA retention requirements

Penetration test summary

Refreshed annually

Executive summary of our most recent third-party penetration test, including remediation status. Detailed findings shared under NDA.

  • Annual external network and application penetration test
  • Critical and high findings tracked to closure within SLA
  • Detailed report shared with security teams under NDA

For data privacy questions (GDPR DSAR, Data Processing Addendum), workspace owners can initiate requests directly from Settings → Data Governance. For all other inquiries, email security@kavanah.ai.