Trust center

Compliance is a build artifact.

Every .kolm ships with a manifest hash, an HMAC-SHA256 receipt chain, and an explicit K-score gate. Every output is cryptographically receiptable. This page is the trust posture: certifications, subprocessors, residency, SLAs, and how to file a security report.

Live status

Engineering posts uptime to a public dashboard. Incidents are written there in plain language with timestamps. No marketing.

kolm.ai surface

36 routes, 100% uptime target. Status page polls each route on a 60s cron.

live

Compile pipeline

Synthesis + verification + registry write. p50 under 8s on the recipe-mode preview.

live

Registry

Public artifact index at /v1/registry/public. Read-only by default; per-tenant write via API key.

live

Certifications

Each line below is timestamped. We update this page when an item closes.

  • SOC 2 Type I - Q4 2026
  • SOC 2 Type II - Q2 2027
  • ISO 27001 - 2027 target
  • HIPAA-eligible workflows - /healthcare
  • GDPR DPA - /legal

Enterprise contracts include a custom DPA and BAA where relevant. Mail trust@kolm.ai for the current attestation packet.

Subprocessors

The processors that touch managed-tier customer data. Bring-your-own-key tenants can opt out of any third-party teacher entirely - the local CLI runtime never reaches them.

Vendor | Purpose | Data class | Region
Vercel | Hosting for kolm.ai marketing surface | Public website only | Global edge (US East primary)
Railway | Hosting for the managed compile API | API request / artifact metadata | US West
Anthropic (optional) | Frontier teacher during compile (BYO key) | Customer-supplied training samples | Anthropic-managed
Stripe | Subscription billing | Email + billing identifiers | Global
SendGrid | Transactional email (sign-up, password reset) | Email + token | US

Every frontier teacher is a BYO-API-key concern. Customer data flows from your environment to your chosen provider; kolm proxies the call but never resells tokens or stores prompt bodies beyond the receipt-chain hash.

Data residency

Where your data sits, where it moves, where it doesn't.

Local CLI runtime

The CLI executes .kolm artifacts on your machine. Inference does not transit kolm.ai. Receipts stay on disk under ~/.kolm/receipts/ until you choose to publish them.

your machine

Managed compile API

Hosted today in US West (Railway). Customer compile jobs may transit your chosen frontier teacher (BYO key). EU residency available on Enterprise.

US West - EU on contract

Registry

Public concepts are mirrored globally; private concepts are pinned to the same region as the compile job. Encrypted at rest with per-tenant keys.

tenant-pinned

Receipts

HMAC chain anchors live in your registry namespace and (optional) on a public Merkle root. The registry never stores plaintext output - only the SHA-256 hash.

hash only

Service level

Uptime, response time, and incident communication commitments. Reproducible numbers. No vague language.

Plan | Uptime target | Severity-1 ack | Compile queue p50
Developer ($0) | Best-effort | Best-effort | 10 minutes
Pro ($49) | 99.5% | 1 business day | 5 minutes
Teams ($149) | 99.9% | 8 hours (Slack) | 3 minutes
Enterprise ($2,999) | 99.95% | 1 hour | 1 minute or dedicated queue

Vulnerability disclosure

Coordinated disclosure with a real human, fast. Bug bounty brackets below; out-of-scope examples after.

How to report

Mail security@kolm.ai with the affected URL, reproduction, and your contact. Encrypted reports welcome via the PGP key in /.well-known/security.txt.

RFC 9116 compliant

Bounty brackets

Critical RCE / receipt-chain forgery: $500-$2,000. High auth/billing: $250-$500. Medium IDOR/XSS: $100-$250. Low: swag + credit. Out-of-scope: rate-limit policy, missing CSP nonces (we use 'unsafe-inline' on inline JS pending the CSP-nonce migration).

live brackets

How verification works

A plain-language threat model. What kolm signs, what tampering looks like, what verification proves.

The chain

manifest.json   = { artifact_id, base_model_hash, recipe_pack_hash, k_score, build_time }
manifest_hash   = sha256(manifest.json)
receipt[0]      = HMAC(secret, manifest_hash)
receipt[i]      = HMAC(secret, receipt[i-1] || input_hash[i] || output_hash[i])
signature       = HMAC(secret, receipt[N])

Each receipt depends on the previous one. You cannot insert, reorder, or remove a single output without invalidating every later receipt in the chain. The signature at the tail is what an auditor checks against the published artifact_id and the build's HMAC public reference.
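
As an added example (not kolm's own code), the chain above is built and then verified link by link in Python, reporting where it breaks when one output is rewritten and when one entry is removed. Assumptions not stated on this page: canonical JSON for the manifest, raw-byte concatenation for ||, the helper names, all sample values, and a verifier that holds the same secret as the signer, as HMAC requires.

```python
import hashlib
import hmac
import json

def sha(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def mac(secret: bytes, msg: bytes) -> bytes:
    return hmac.new(secret, msg, hashlib.sha256).digest()

def manifest_hash(manifest: dict) -> bytes:
    # Assumption: canonical JSON (sorted keys, compact separators); the page does not specify.
    return sha(json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode())

def build_chain(secret, manifest, io_hashes):
    """io_hashes is a list of (input_hash, output_hash); returns (receipts, signature)."""
    receipts = [mac(secret, manifest_hash(manifest))]              # receipt[0]
    for in_h, out_h in io_hashes:
        receipts.append(mac(secret, receipts[-1] + in_h + out_h))  # receipt[i]
    return receipts, mac(secret, receipts[-1])                     # signature

def verify_chain(secret, manifest, io_hashes, receipts, signature):
    """Check every link against the presented previous receipt; [] means intact."""
    if len(receipts) != len(io_hashes) + 1:
        return ["receipt count does not match output count"]
    errors = []
    if not hmac.compare_digest(receipts[0], mac(secret, manifest_hash(manifest))):
        errors.append("receipt[0] hmac mismatch")
    for i, (in_h, out_h) in enumerate(io_hashes, start=1):
        if not hmac.compare_digest(receipts[i], mac(secret, receipts[i - 1] + in_h + out_h)):
            errors.append(f"receipt[{i}] hmac mismatch")
    if not hmac.compare_digest(signature, mac(secret, receipts[-1])):
        errors.append("signature mismatch")
    return errors

# Constructed sample data, not real kolm values.
SECRET = b"constructed-demo-secret"
MANIFEST = {"artifact_id": "demo", "base_model_hash": "aa", "recipe_pack_hash": "bb",
            "k_score": 0.9, "build_time": "2026-01-01T00:00:00Z"}
IO = [(sha(b"in-%d" % i), sha(b"out-%d" % i)) for i in (1, 2, 3)]

def demo():
    receipts, sig = build_chain(SECRET, MANIFEST, IO)
    rewritten = [IO[0], (IO[1][0], sha(b"rewritten output")), IO[2]]  # output 2 altered
    dropped = (IO[:1] + IO[2:], receipts[:2] + receipts[3:])          # entry 2 removed
    return (verify_chain(SECRET, MANIFEST, IO, receipts, sig),
            verify_chain(SECRET, MANIFEST, rewritten, receipts, sig),
            verify_chain(SECRET, MANIFEST, *dropped, sig))

if __name__ == "__main__": print(demo())
```

Because each link is checked against the receipt that was presented, the verifier names the first broken link; an attacker who wanted the later receipts to match again would have to recompute them, which requires the secret.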

Verify a receipt yourself

Public endpoint, no auth, no SDK. Paste any receipt below — the widget POSTs to /v1/receipts/verify, walks the HMAC chain server-side, and returns each broken ring by name: chain[3] hmac mismatch, signature mismatch, chain[4] not anchored to chain[3]. The CLI's kolm verify calls the same endpoint.

Receipt JSON: accepts v0.1, drive-by, or rs-1 legacy.

Or, programmatically:

curl -s -X POST https://kolm.ai/v1/receipts/verify \
  -H "Content-Type: application/json" \
  -d '{"receipt": {"kolm_version":"0.1", "artifact_hash":"...", "chain":[...], "signature":"..."}}'

Optional Sigstore Rekor anchor

Receipts can carry an anchors array. The http kind references our public Sigstore Rekor entry; arweave, btc-op-return, and ots let regulated buyers anchor receipts to substrates the supply-chain auditor already trusts. v0.1 runtimes ignore the field if absent. Schema: receipt-v0.1.json.

What this defends against

  • Output tampering. If a downstream system rewrites a model output, the recomputed receipt diverges and the chain breaks.
  • Model swap. If a deployed .kolm is replaced with a different artifact, the manifest hash differs and the K-score gate fails.
  • Behavior drift. The K-score gate is recomputed on a held-out test set at every release. A drifted artifact does not promote.
  • Input replay. Each receipt embeds the input hash. A replay with different inputs produces a different chain.
  • Auditor fraud. The chain is verifiable by anyone with the public anchor - no trust required in the auditor's claim.

What this does not defend against

  • Malicious training data. If your --examples are poisoned, the artifact is poisoned. Verification is honest about provenance, not correctness.
  • K-score gaming. If the verifier itself is built from the same data it scores, the K-score is uninformative. Use a held-out test source.
  • Compromised signing secret. Standard HMAC threat model: protect the secret. Enterprise plan rotates per-tenant.

Downloads

Schemas, security policy, and machine-readable trust assets.

RS-1 spec

rs-1.md - the open spec for the .kolm artifact format and receipt chain. MIT-licensed.

spec

Manifest schema

manifest-v0.1.json - JSON schema for the .kolm manifest. Validate with any standard tool.

schema

Receipt schema

receipt-v0.1.json - JSON schema for the receipt chain.

schema

security.txt

/.well-known/security.txt - RFC 9116 contact and disclosure policy.

RFC 9116

Last updated 2026-05-08 / kolm v0.1.0 / trust@kolm.ai