Security Overview

Last updated: 6 April 2026

Our security commitment

Akaro is built for enterprise revenue teams who handle sensitive commercial, legal, and compliance data. We treat security as a core product requirement, not an afterthought. This page documents the controls we have in place.

Certifications and compliance

SOC 2 Type II

Independently audited annually. Report available to customers under NDA upon request.

GDPR

Full GDPR compliance. DPA available. Data subject rights honoured within 30 days.

HIPAA Ready

Business Associate Agreements (BAA) available for healthcare customers.

ISO 27001 Aligned

Our information security management system aligns with ISO 27001 controls.

Data protection

  • Encryption at rest: All data is encrypted using AES-256.
  • Encryption in transit: All communications use TLS 1.3 with modern cipher suites. HSTS enforced.
  • Data isolation: Complete tenant isolation. No shared storage between customers.
  • No model training: Your data is never used to train shared AI models. Period.
  • Data residency: Choose between EU-West (Ireland) and US-East (Virginia) data regions.

Access controls

  • SSO: SAML 2.0 with Okta, Azure AD, Google Workspace, and any SAML 2.0 provider.
  • MFA: Required for all accounts. TOTP and hardware security keys supported.
  • RBAC: Role-based access control with viewer, contributor, approver, and admin roles.
  • Principle of least privilege: Staff access is scoped to what is required for their role. Access reviews quarterly.
  • Session management: Configurable timeouts. All sessions are visible and revocable from your account settings.

Infrastructure

  • Cloud: Hosted on AWS with automatic failover across availability zones.
  • Uptime: 99.9% SLA on Enterprise plans. Status page at status.akaro.ai.
  • Backups: Automated daily encrypted backups with 30-day retention. Point-in-time recovery available.
  • Vulnerability management: Automated dependency scanning, regular security patches.
  • Penetration testing: Annual third-party penetration tests. Results available to enterprise customers under NDA.

Incident response

  • Detection: 24/7 automated monitoring with alerting for anomalous behaviour.
  • Response time: P1 incidents are acknowledged within 1 hour, with a target resolution time of 4 hours.
  • Notification: We notify affected customers of data breaches within 72 hours, in compliance with GDPR Article 33.
  • Post-mortems: All P1 incidents result in a public post-mortem within 5 business days.

Responsible disclosure

We operate a responsible disclosure programme. If you discover a security vulnerability in Akaro, please report it to rohan@akaro.ai with "Security Disclosure" in the subject line. We will acknowledge receipt within 24 hours and work to resolve valid issues promptly. We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it.

Requesting security documentation