Your franchise data, guarded end to end.
KERNL holds the operations manuals, training records, and compliance data your network runs on. Here is exactly how we protect it — and the controls you keep over your own data.
// ENCRYPTION
Encrypted in transit and at rest
All traffic is protected with TLS. Data is encrypted at rest with AES-256. Documents live in a private Cloudflare R2 bucket and are served only through short-lived, signed URLs — never a public link.
// ISOLATION
Database-level tenant isolation
Every multi-tenant table is protected by row-level security. One franchise network can never see another's data — the boundary is enforced by the database itself, not just the application layer.
// ACCESS
Least-privilege access & 2FA
Role-based, least-privilege access with optional two-factor authentication (TOTP). Authentication is self-hosted, so your credentials are never handed off to a third-party identity vendor.
// AUDITING
Timestamped audit logging
Sensitive actions are recorded with timestamps, giving you an accountable trail of who did what — and error monitoring surfaces problems before they spread.
// OWNERSHIP
Your data, your control
Export your data whenever you want and request deletion at any time. We never use your data to train AI or machine-learning models without your separate written consent.
// COMPLIANCE
GDPR & CCPA aligned
A Data Processing Agreement is available for franchisor customers, and transfers from the EEA, UK, or Switzerland rely on Standard Contractual Clauses. We do not sell your data.
Read the fine print — we mean it.
Our full list of sub-processors, retention periods, and your rights under GDPR and CCPA/CPRA live in the documents below. If you believe you have found a security vulnerability, please email legal@kernlapp.com and give us a chance to address it before disclosing publicly.