Kernel logo
Live monitoring by Delve
Kernel Compliance Report
Kernel is in compliance with security best practices, has implemented and is monitoring comprehensive controls, and maintains policies to outline its security procedures.
Ctrl+K

Compliance Certifications

We maintain the highest industry standards and regularly undergo rigorous third-party audits to ensure compliance.

SOC 2 Type IICompliant

SOC 2 Type II

Audited controls for security, availability, and confidentiality trust service principles with an observation period.

Last audit: October 2025
HIPAACompliant

HIPAA

US regulation that safeguards medical data privacy and security. Essential for healthcare providers, insurers, and related tech.

Continuously monitored
ISO 27001In Progress

ISO 27001

A global standard that defines best practices for information security management systems (ISMS) — used across industries.

Continuously monitored
SOC 2 Type IIn Progress

SOC 2 Type I

Audited controls for security, availability, and confidentiality trust service principles.

GDPRIn Progress

GDPR

EU regulation that governs personal data protection and privacy for individuals within the EU. Applies globally to anyone handling EU data.

Continuously monitored

Resource Library

Access our security documentation, policies, and compliance reports.

PDF

SOC 2 Type II

Compliance report

PDF

HIPAA Internal Privacy Policy

HIPAA Internal Privacy Policy document

Updated: December 2025
PDF

Age Verification and Parental Consent Policy

Age Verification and Parental Consent Policy document

Updated: December 2025
PDF

Personnel Security Policy

Personnel Security Policy document

Updated: December 2025
PDF

Acceptable Use Policy

Acceptable Use Policy document

Updated: December 2025
PDF

Data Protection, Accountability, and Privacy by Design Policy

Data Protection, Accountability, and Privacy by Design Policy document

Updated: December 2025

Security controls

Our comprehensive security program includes controls across multiple domains to protect your data.

Access Control & Authorization

LIVE
Access Control Procedures
Completed
Access Restricted to Modify Infrastructure
Completed
Access Review of Infrastructure
Completed

Compliance with Regulations & Standards

LIVE
Age Verification and Parental/​guardian Consent Process
Completed
Anonymization/​pseudonymization Process Documentation
Completed
Appointment Agreement for EU Representative
Completed

Data Protection & Privacy

LIVE
Access Control Procedures
Completed
Access Restricted to Modify Infrastructure
Completed
Alerts and Remediation
Completed

Governance & Oversight

LIVE
Anonymization/​pseudonymization Process Documentation
Completed
Background Checks
Completed
Cooperation Agreements/​data Sharing Frameworks
Completed

IT & Operational Security

LIVE
Alerts and Remediation
Completed
Application Outages
Completed
Asset Disposal Procedure
Completed

Risk & Compliance Management

LIVE
Access Control Procedures
Completed
Alerts and Remediation
Completed
Board Charter
Completed

Access Control & Authorization

LIVE
Access Control Procedures
Completed
Access Restricted to Modify Infrastructure
Completed
Access Review of Infrastructure
Completed
Alerts and Remediation
Completed

Compliance with Regulations & Standards

LIVE
Age Verification and Parental/​guardian Consent Process
Completed
Anonymization/​pseudonymization Process Documentation
Completed
Appointment Agreement for EU Representative
Completed

Data Protection & Privacy

LIVE
Access Control Procedures
Completed
Access Restricted to Modify Infrastructure
Completed
Alerts and Remediation
Completed
Anonymization/​pseudonymization Process Documentation
Completed

Governance & Oversight

LIVE
Anonymization/​pseudonymization Process Documentation
Completed
Background Checks
Completed
Cooperation Agreements/​data Sharing Frameworks
Completed
Criminal Data Processing Policy
Completed

IT & Operational Security

LIVE
Alerts and Remediation
Completed
Application Outages
Completed
Asset Disposal Procedure
Completed
Asset Register List
Completed

Risk & Compliance Management

LIVE
Access Control Procedures
Completed
Alerts and Remediation
Completed
Board Charter
Completed
Board Meeting Minutes
Completed

Access Control & Authorization

LIVE
Access Control Procedures
Completed
Access Restricted to Modify Infrastructure
Completed
Access Review of Infrastructure
Completed
Alerts and Remediation
Completed

Compliance with Regulations & Standards

LIVE
Age Verification and Parental/​guardian Consent Process
Completed
Anonymization/​pseudonymization Process Documentation
Completed
Appointment Agreement for EU Representative
Completed

Data Protection & Privacy

LIVE
Access Control Procedures
Completed
Access Restricted to Modify Infrastructure
Completed
Alerts and Remediation
Completed
Anonymization/​pseudonymization Process Documentation
Completed

Governance & Oversight

LIVE
Anonymization/​pseudonymization Process Documentation
Completed
Background Checks
Completed
Cooperation Agreements/​data Sharing Frameworks
Completed
Criminal Data Processing Policy
Completed

IT & Operational Security

LIVE
Alerts and Remediation
Completed
Application Outages
Completed
Asset Disposal Procedure
Completed
Asset Register List
Completed

Risk & Compliance Management

LIVE
Access Control Procedures
Completed
Alerts and Remediation
Completed
Board Charter
Completed
Board Meeting Minutes
Completed
Showing 6 of 7 control categories

Subprocessors directory

We carefully select and monitor all third-party services that process data on our behalf.

Railway logo

Railway

Cloud Infrastructure & Platform Services

SigNoz logo

SigNoz

LOG

AWS logo

AWS

Cloud Infrastructure & Platform Services

PostHog logo

PostHog

Business Apps & Productivity

PlanetScale logo

PlanetScale

DSW

Vercel logo

Vercel

Cloud Infrastructure & Platform Services

Showing 6 of 8 subprocessors

Frequently Asked Questions

Find answers to common questions about our security and compliance practices.

Our Security Commitment

Security Shield

At Kernel, security isn't just a feature—it's foundational to everything we build. Our security-first mindset drives our development processes, infrastructure decisions, and organizational policies. We treat the data entrusted to us—whether from our customers, their end users, or anyone who interacts with our organization—with the utmost care and responsibility. Security is embedded in our DNA, enabling us to deliver innovative solutions without compromising on protection.

Privacy Policy|Terms of Service
Monitored byDelve Logo
Security Shield