Security

Security at every hop

Designed for enterprises handling regulated data. Every routing decision generates a structured audit record. Every data path is governed by a declared policy — not by implicit defaults.

Data plane

Data plane security

TLS 1.3 between all gateway hops — inbound from your app, outbound to every endpoint type.

No prompt or completion stored on Kamiwaza servers by default. Audit log stores metadata only (tenant, policy matched, latency, cost) — not prompt text.

In-transit encryption for private GPU paths. Traffic between gateway and your on-prem GPU cluster goes through your VPC — no public internet traversal.

Air-gap deployment option: run the entire gateway inside your own VPC. Kamiwaza offers a self-hosted deployment mode for regulated environments.

Control plane

Control plane security

API keys scoped per tenant. Each tenant key can only access that tenant's routing policies and audit data.

RBAC for routing policy management. Separate roles for policy readers, policy writers, and audit reviewers.

Audit log for all policy changes. Every routing policy create/update/delete is logged with user, timestamp, and diff.

Webhook alerts for policy violations. Configure alerts when routing attempts are blocked by data class rules.

Compliance

Designed with compliance in mind

Kamiwaza is designed with SOC 2 controls in mind — not currently SOC 2 audited. Healthcare, financial-services, or public-sector buyers needing audited compliance should plan for the audit window in their procurement timeline. FedRAMP and HIPAA-aligned deployment patterns are available via the private GPU routing path. Certification is on our roadmap.

SOC 2 Controls

Designed with controls in mind. Certification on roadmap.

HIPAA-Aligned

Private GPU routing supports HIPAA-aligned deployment patterns.

FedRAMP-Aligned

Air-gap deployment mode supports FedRAMP-aligned infrastructure patterns.

Responsible disclosure

Responsible disclosure

If you discover a security vulnerability in Kamiwaza, please report it responsibly. We commit to acknowledging reports within 72 hours and providing a timeline for resolution.

[email protected]