Kernel is designed for environments where data flow, auditability, and deployment boundaries matter.
Kernel evaluates agent behavior without accessing the execution context. The flow is intentionally narrow:
What Kernel never needs: customer names, email addresses, API keys, free-text conversation content, function arguments beyond the action type and amount. The payload is structurally minimal by design.
TLS 1.3 required for all API connections. Certificate pinning available for self-hosted deployments.
AES-256 encryption for all stored evaluation data. Keys are tenant-isolated and rotated every 90 days.
Each tenant operates in a separate database schema with row-level security. No cross-tenant access is possible.
Self-hosted deployments run in your VPC with no outbound internet requirement. Hosted tenancy uses dedicated private networking.
Managed Kernel API with automatic upgrades, 99.95% uptime SLA, SOC 2 audit in progress. No infrastructure management.
Single Docker container with PostgreSQL. Data never leaves your network. Full control over upgrades and retention. Same API, same signal logic.
Default retention: 90 days for evaluation history and signal scores.
Extended retention: Configurable up to 7 years for regulatory compliance (FINRA, SOX, etc.).
Deletion: Tenant-initiated deletion processed within 48 hours. Full purge includes all evaluation records, signal scores, and agent state. Partial deletion available by session or agent ID.
Data portability: Full export available in JSONL format via API. Every evaluation includes a unique evaluation_id for cross-referencing with your own audit logs.
Audit in progress. Covers security, availability, and confidentiality trust principles.
Available on request. Covers GDPR and CCPA data processing requirements. Standard DPA with no unusual exclusions.