Security overview
Controls and disclosure.
Kaptrix operates as institutional diligence infrastructure. Security controls are designed for institutional teams handling sensitive target-company artifacts during pre-investment evaluation.
Tenant isolation
Engagement data is logically segregated per client. Artifacts and scoring records are not shared across engagements or used to train shared models.
Access controls
Role-scoped access for client teams and Kaptrix operators. Administrative actions are logged with timestamp, actor, and outcome.
Encryption
TLS in transit. Encryption at rest for client artifacts, generated reports, and audit logs.
Audit trail
Every scoring decision, confidence trigger, and admin calibration is recorded with the evidence and reasoning behind it.
Subprocessors
Limited to infrastructure providers required to operate the platform. A current list is available on request for qualified institutional teams.
Coordinated disclosure
Report a suspected vulnerability to security@kaptrix.com. Please include reproduction steps and affected surface; do not include client data.