Procurement-ready local AI. Founder-direct contract.
If your CISO bans cloud LLMs on regulated data, kolm is the architecture that ends the argument: compile your model behavior into a single signed file, run it inside the boundary, keep the receipt. Below: the four motions we support, the paperwork your procurement team needs, the design-partner program, and a direct line to the founders.
Where kolm is being bought.
Four regulated motions where local-by-construction is a procurement requirement, not a preference. Same product underneath; vertical pages cover the procurement-relevant detail.
| healthcare · PHI never leaves the network | Chart prep, clinical-note classification, prior-auth summarization. BAA on file at contract. |
| finance · MNPI redaction by construction | Per-trade decision audit, deterministic classifiers, p99 latency budgets. SR 11-7 model-risk language on request. |
| legal · privilege intact, audit defensible | Redline policy, discovery summarization, cite-check. Matter-level audit log. Per-attorney licensing available. |
| defense / gov · airgap-strict, reproducible | CMMC L3 path, DFARS 7012 alignment, FIPS-friendly receipt mode (roadmap). SCIF deployment guidance. |
The paperwork your team needs.
We are early. We are not pretending we are not. What we have is what most procurement teams need to start a pilot: standard-form contracts, security posture documented, audit chain built into the product, and the founders on the call.
| BAA · HIPAA business-associate agreement | Template at /baa. Founder-signed within 48 hours of engagement letter. |
| DPA · data-processing agreement (GDPR-aligned) | Included in same template page. Schedule 1 covers EU subject data, processing categories, transfer mechanism. Sub-processor list is short by design. |
| MSA · master service agreement | Standard SaaS MSA available on request. Mutual NDA available before exchange. Both founder-signable on Docusign. |
| SOC 2 Type I | Q4 2026 target. Type II Q2 2027. We will not claim attestation until the report is in hand. |
| Annual invoice · PO billing | Enterprise tier billed annually via invoice. Net 30, ACH or wire. PO-required orgs accommodated. Mail founders@kolm.ai. |
| Compliance binder · quarterly PDF | One PDF per quarter: receipt-chain integrity report, K-score regression report, sub-processor delta, incident log. Goes to your auditor unchanged. |
Five pilot slots. Founder-direct.
kolm runs a design-partner program through 30 Sep 2026: five slots, one per vertical, free Pro tier during pilot, weekly founder office hours, named on the homepage at general availability (with consent). We are not pretending to have customers we do not have. We are inviting the first five who want to shape the product.
| healthcare slot · open | Target: regional or multi-state health system, >500 beds, with a CIO sponsor. First workload: chart-prep summarization or prior-auth classification. We bring the architecture, you bring the gold examples. |
| finance slot · open | Target: hedge fund, prop shop, or registered investment advisor with >$1B AUM and an internal compliance team. First workload: MNPI redaction or per-trade-decision audit trail. |
| legal slot · open | Target: AmLaw 200 or boutique with >100 attorneys, IT lead + GC sponsor. First workload: redline policy compiled to .kolm + chain-of-custody export. |
| defense / gov slot · open | Target: prime contractor, FFRDC, or DoD program office. First workload: airgap-strict compile + reproducible bench on an unclassified surrogate dataset, then move to classified mirror. |
| ai-native saas slot · open | Target: Series-B or later AI-product company that has hit the “every prompt is a liability” wall. First workload: capture-and-distill from your current inference traffic into a local LoRA you keep. |
Eight weeks. Three artifacts.
No vague “explore the technology together” pilot. Every design-partner engagement has the same shape: a kickoff scoped to one workload, a compiled artifact under K-score 0.85 by week 4, a production-shadow deployment by week 6, a sign-off package by week 8. If your team cannot commit a security reviewer and a workload owner, this is not the right time.
| week 0 · kickoff | Engagement letter + mutual NDA + MSA. One workload picked. Gold-example collection plan agreed. |
| week 1–3 · gold examples | Your team supplies 80–300 labeled examples. We co-author the K-score axis weights and ship floor for your domain. |
| week 4 · first compile | Compiled .kolm meets your K-score floor on hold-out test. Signed receipt chain demoed end-to-end. |
| week 5–6 · shadow run | Artifact deployed shadow-mode behind your current pipeline. Outputs compared, regressions called out. |
| week 7 · production gate | Workload owner + security reviewer sign. Artifact promoted to primary. Old pipeline kept as fallback for one week. |
| week 8 · sign-off package | You receive: signed artifact, K-score audit report, receipt-chain integrity proof, sub-processor list, MSA executed. Compliance binder Q1 begins next quarter. |
One call. No SDR.
kolm has no sales team. If you are evaluating, you talk to the people who write the code. Mail founders@kolm.ai with the workload you have in mind, your timeline, and whether procurement is gating or you are scoping. We reply within one business day. If we are not the right fit we will say so on the first call.