Security & Compliance

Keto Software safeguards customer data through an Information Security Management System (ISMS) built on the ISO 27000 series of standards. The ISMS is certified against ISO 27001, with the certification audited independently by KPMG IT Certification Ltd, so our controls for data confidentiality, integrity and availability are verified by a third party rather than self-declared.

Secure Data Centers

Our services run on virtual machines on Google Cloud Platform's Compute Engine. The underlying platform holds ISO 27001, ISO 27017 and ISO 27018 certifications and SOC 1, SOC 2 and SOC 3 reports; these cover the infrastructure layer, while the Keto application and its operation are covered by our own ISO 27001 certification. Because Compute Engine is available in multiple regions, we can host a customer's environment in a region of their choice, which determines where their data is stored at rest.

Single Sign-On and Identity Access Management

User accounts and authorization integrate with Microsoft Entra ID (formerly Azure Active Directory) for Single Sign-On (SSO), with the Microsoft Graph API used to synchronise user accounts and group membership, and with SAML-based SSO for other identity providers. Authentication therefore happens in the customer's own identity provider, so the customer's password, multi-factor and conditional-access policies apply to Keto logins as well.

Within Keto, access rights are managed through user groups and role-based access control. An access decision combines two inputs: the roles a user holds through group membership (which actions they may perform) and the metadata attached to the data item itself (which items those actions apply to). This lets all users work in the same shared datasets while each user sees and edits only the items their role and the item's metadata permit.
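The paragraph above describes the decision model in general terms. The following is an added illustration, not Keto's own code, of how a role check and a metadata check combine into one fail-closed access decision. The role names, permission sets, group names and classification labels are assumptions chosen for the example, and the records are constructed sample data.

```python
from dataclasses import dataclass

# Hypothetical role -> permitted actions table (assumption, not Keto's actual model).
ROLE_PERMISSIONS = {
    "viewer": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset   # groups assigned in the identity provider
    roles: frozenset    # roles derived from those groups


@dataclass(frozen=True)
class Record:
    record_id: str
    owner_groups: frozenset   # metadata: groups the item is shared with
    classification: str       # metadata: "public" | "internal" | "confidential"


def permissions_for(user):
    """Union of the actions granted by every role the user holds.
    Unknown roles grant nothing, so a typo in a role name cannot widen access."""
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, record, action):
    """Fail-closed decision: the role must permit the action AND the
    record's metadata must place the user in scope for that record."""
    if action not in permissions_for(user):
        return False
    # Public items are readable by anyone with the read permission,
    # but writing or deleting always requires group membership.
    if record.classification == "public" and action == "read":
        return True
    return bool(user.groups & record.owner_groups)


def visible_records(user, records):
    """Filter a shared dataset down to the items this user may read."""
    return [r.record_id for r in records if is_allowed(user, r, "read")]


# Constructed sample data for the example.
SAMPLE_RECORDS = [
    Record("P-1", frozenset({"pmo"}), "internal"),
    Record("P-2", frozenset({"finance"}), "confidential"),
    Record("P-3", frozenset({"pmo", "finance"}), "public"),
]
ALICE = User("alice", frozenset({"pmo"}), frozenset({"editor"}))
BOB = User("bob", frozenset({"finance"}), frozenset({"viewer"}))
EVE = User("eve", frozenset({"marketing"}), frozenset({"superuser"}))  # unknown role


if __name__ == "__main__":
    for user in (ALICE, BOB, EVE):
        print(user.name, "can read", visible_records(user, SAMPLE_RECORDS))
```

Both checks are evaluated on every request, and the default for any unmatched case is denial; a user whose group membership changes in the identity provider gets a different answer on the next evaluation without any change to the data.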

GDPR

Keto Software processes personal data on behalf of its customers in the role of Data Processor under the General Data Protection Regulation (GDPR); our customers remain the Data Controllers for the personal data they place in the system. We handle that data strictly for the purposes the customer has instructed and in line with GDPR requirements.

AI and Data Security Considerations

Keto integrates with several AI engines, including ChatGPT, Gemini and DeepL, using the customer's own subscription to each provider. Because the subscription belongs to the customer, the contractual terms, data handling and billing for AI usage stay under the customer's control rather than ours.

Advantages of Utilizing AI Engines through Keto AI+:

  • Field-specific controls: Keto AI+ lets administrators allow or restrict AI use per field or context, so that regulatory and organisational policies on what may be sent to an external engine are enforced by configuration rather than by user discipline.
  • Comprehensive logging: Keto records every AI+ interaction, giving administrators an audit trail for monitoring usage and investigating any misuse.
  • Data security and user experience: routing AI use through Keto AI+ keeps data inside a governed integration, avoiding the common alternative of copying text into freely available online tools (for example Google Translate or free ChatGPT services hosted outside the local jurisdiction) with no contract, logging or location control.

Data sent through Keto AI+ is not used to train the providers' AI models and is not retained by the providers beyond processing the request. We also offer controls over the geographic region in which AI requests are processed, so that AI use can be kept within the jurisdiction required by local data privacy regulations.
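The field-specific controls, logging and region controls described above amount to a policy gate in front of each AI call. The following is an added example of such a gate, written for this page and not Keto's own code: a per-field policy decides whether a field may be sent to an engine and in which regions, every decision is logged (with a hash of the text rather than the text itself), and denied requests never reach the provider. The field names, regions and policy table are assumptions constructed for the example.

```python
import hashlib
import datetime

# Hypothetical per-field policy (assumption, not Keto's actual configuration).
# "ai": whether the field may be sent to an AI engine at all.
# "regions": processing regions permitted for this field.
FIELD_POLICY = {
    "project.description": {"ai": True, "regions": {"eu"}},
    "project.customer_contact": {"ai": False, "regions": set()},
    "risk.notes": {"ai": True, "regions": {"eu", "us"}},
}

AUDIT_LOG = []   # in a real deployment this would be an append-only log store


class AIPolicyError(Exception):
    """Raised when policy forbids the request; nothing is sent to the provider."""


def _log(user, field, engine, region, decision, reason, text):
    # Log a digest and length of the content, not the content itself, so the
    # audit trail does not become a second copy of the data it protects.
    AUDIT_LOG.append({
        "ts": datetime.datetime.now(datetime.timezone.utc).isoformat(),
        "user": user,
        "field": field,
        "engine": engine,
        "region": region,
        "decision": decision,
        "reason": reason,
        "text_sha256": hashlib.sha256(text.encode("utf-8")).hexdigest(),
        "chars": len(text),
    })


def prepare_ai_request(user, field, text, engine, region):
    """Evaluate policy for one AI+ call. Returns the request to send on
    'allow'; raises AIPolicyError on 'deny'. Every outcome is logged."""
    policy = FIELD_POLICY.get(field)
    if policy is None:
        reason = "no policy for field (default deny)"
    elif not policy["ai"]:
        reason = "AI use disabled for field"
    elif region not in policy["regions"]:
        reason = "region %s not permitted for field" % region
    else:
        reason = None

    decision = "allow" if reason is None else "deny"
    _log(user, field, engine, region, decision, reason, text)
    if decision == "deny":
        raise AIPolicyError(reason)
    return {"engine": engine, "region": region, "field": field, "input": text}


def denied_count():
    """Number of logged denials, e.g. for an alerting threshold."""
    return sum(1 for e in AUDIT_LOG if e["decision"] == "deny")


if __name__ == "__main__":
    # Constructed sample calls.
    print(prepare_ai_request("alice", "risk.notes", "Supplier may miss Q3 delivery.", "gemini", "eu"))
    for field, region in (("project.customer_contact", "eu"), ("project.description", "us")):
        try:
            prepare_ai_request("alice", field, "some text", "chatgpt", region)
        except AIPolicyError as exc:
            print("denied:", exc)
    print("denials so far:", denied_count())
```

Unknown fields are denied by default, so adding a new field to the application cannot silently open a new path to an external engine until someone writes a policy for it.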

Data Encryption

All network traffic to and between our services is encrypted in transit with TLS, and all stored data, including backups, is encrypted at rest.

Customer Segregation

Customer environments are segregated: each customer has its own database, its own web site and its own service accounts. Because no database or service account is shared between customers, a credential or query for one environment cannot reach another customer's data.

Penetration Testing and Monitoring

We commission an independent third-party penetration test every year and remediate the findings. In addition, we monitor our services continuously, using threat-intelligence sources and security monitoring tooling to detect and respond to suspicious activity between tests.

Business Continuity and Disaster Recovery

Should data in the primary environment be lost, we commit to a Recovery Time Objective (RTO) of 48 hours, the maximum time until service is restored, and a Recovery Point Objective (RPO) of 24 hours, the maximum age of the backup restored and therefore the most data that could be lost. For an extended data centre outage, we commit to re-establishing the service in an alternate facility within two weeks, with the same 24-hour RPO. Our business continuity and disaster recovery plans are audited annually to confirm they work as intended.
