A governance posture you can describe to auditors
This page summarizes the controls Keystacker provides today. We do not claim certifications we do not hold.
Encryption at rest and in transit
Data is encrypted at rest and in transit across all plans. Cryptographic specifics are shared under NDA during procurement.
Per-organization key isolation framework
Each customer organization operates inside its own key scope. Credentials never cross tenant boundaries.
Role-based access control
Eight roles map to operations, security, billing, and read-only personas. Vault and asset membership are scoped per organization.
Audit trail
Every user and admin action is recorded with actor, scope, and timestamp. The audit trail is exportable for review.
Export encryption governance
There is no unencrypted export pathway. Exports are encrypted and recorded in the audit trail.
BYOK framework
Bring-your-own-key governance for AWS KMS, Azure Key Vault, and Google Cloud KMS is available as a framework on Enterprise plans. Runtime maturity is documented per provider — talk to us for your specific deployment.
Responsible disclosure
Found something? Read our responsible disclosure policy and reach out.
Responsible disclosure