Security

Your data. Your environment.
Isolated by design.

KappaForge deploys as a dedicated tenant for every customer — separate compute, separate network, separate data. Security starts at the architecture, not at the checklist.

[Diagram: dedicated tenant model. Tenant A (South America), Tenant B (North America) and Tenant C (Europe) each run their own App, Database, Stream and Storage inside a dedicated VPC, with no link between tenants. Caption: Separate compute · Separate network · Separate data · Separate blast radius.]
Three pillars

Security that isn't bolted on.

Every customer gets a dedicated environment, hardened identity flow, and encryption across the stack — the defaults you'd expect from infrastructure, not from SaaS.

Isolation

Dedicated tenant per customer

Each customer runs on its own isolated infrastructure. No shared databases, no shared message brokers, no neighboring tenants. One customer cannot reach, see, or affect another.

  • Dedicated compute and storage
  • Isolated network boundary per tenant
  • Customer-selected deployment region
  • Optional customer-hosted deployment
Identity

Hardened authentication

Tokens are short-lived and bound to the session that obtained them, so a token copied out of one session is rejected when replayed from another. Role-based access enforces least privilege across every endpoint, every integration, every action.

  • Short-lived tokens with session binding
  • Role-based access control (Viewer · Operator · Engineer · Admin)
  • Rate-limited login and ingest endpoints
  • SSO / LDAP for Scale and Enterprise tiers
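To make the two controls above concrete, here is an added example (not KappaForge's code, and not a description of its token format) of a session-bound, short-lived token plus a role check over the four roles listed. The binding material is a session identifier that is mixed into the MAC but never stored in the token; the action names, the role ordering (each role includes the permissions of the ones below it), the 15-minute lifetime and the secret are all assumptions made for the example.

```python
"""Added example: session-bound short-lived tokens and role-based authorization.

Not KappaForge's implementation. Token layout, role ordering, action names,
lifetime and secret are assumptions chosen to illustrate the controls.
"""
import base64
import hashlib
import hmac
import json
from typing import Optional

# Assumed ordering: a higher-ranked role inherits the lower roles' permissions.
ROLE_RANK = {"Viewer": 0, "Operator": 1, "Engineer": 2, "Admin": 3}

# Minimum role per action (constructed for the example).
ACTION_MIN_ROLE = {
    "dashboard.read": "Viewer",
    "alarm.acknowledge": "Operator",
    "pipeline.deploy": "Engineer",
    "user.invite": "Admin",
}

TOKEN_TTL_SECONDS = 900  # assumed "short-lived" value: 15 minutes


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(secret: bytes, user: str, role: str, session_id: str, now: float) -> str:
    """Mint a token whose MAC covers the session it was issued to.

    session_id stands in for the binding material (a session cookie, or an
    mTLS client-certificate fingerprint). It is part of the MAC input but is
    deliberately not carried inside the token, so the token only verifies
    when presented from that same session.
    """
    payload = {"sub": user, "role": role, "exp": int(now) + TOKEN_TTL_SECONDS}
    body = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(secret, f"{body}.{session_id}".encode(), hashlib.sha256).digest()
    return f"{body}.{_b64(sig)}"


def verify_token(secret: bytes, token: str, session_id: str, now: float) -> Optional[dict]:
    """Return the claims if the token is intact, unexpired and bound to this session."""
    try:
        body, sig_b64 = token.split(".")
        sig = _unb64(sig_b64)
    except ValueError:
        return None  # malformed
    expected = hmac.new(secret, f"{body}.{session_id}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # tampered, or replayed from a different session
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        return None  # expired: a stolen token has a short window even in the right session
    return claims


def authorize(claims: dict, action: str) -> bool:
    """Least privilege: the caller's role must reach the action's minimum role."""
    required = ACTION_MIN_ROLE.get(action)
    if required is None:
        return False  # unknown actions are denied by default
    return ROLE_RANK.get(claims.get("role"), -1) >= ROLE_RANK[required]


def demo() -> dict:
    """Walk through the replay, expiry and role cases on constructed input."""
    secret = b"example-server-secret-do-not-reuse"  # constructed
    t0 = 1_700_000_000.0
    tok = issue_token(secret, "alice", "Operator", session_id="sess-A", now=t0)
    own = verify_token(secret, tok, "sess-A", t0 + 60)
    stolen = verify_token(secret, tok, "sess-B", t0 + 60)  # attacker replays from their session
    late = verify_token(secret, tok, "sess-A", t0 + TOKEN_TTL_SECONDS + 1)
    return {
        "valid_in_own_session": own is not None,
        "replay_from_other_session": stolen is not None,
        "after_expiry": late is not None,
        "operator_can_ack_alarm": authorize(own, "alarm.acknowledge"),
        "operator_can_invite_user": authorize(own, "user.invite"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the layout is that the session identifier never travels with the token: an attacker who captures the token but not the session binding cannot recompute a valid MAC for their own session, and the short expiry bounds the damage even when both are captured together. Unknown actions are denied rather than defaulting to the lowest role.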
Data

Encrypted, exportable, yours

Encryption at rest and in transit. Data sovereignty by region. And — always — a guaranteed export path. Your data belongs to you, not to us.

  • TLS 1.2+ in transit, AES-256 at rest
  • Encrypted backups and point-in-time recovery
  • Full export guaranteed — even post-cancellation
  • Auditable access logs across the stack
Edge security

Safe by construction on the plant floor.

Our connectivity appliance is designed for the OT / IT divide. It reads from the plant. It talks only to your cloud. Nothing reaches back in.

Read-only from OT

The appliance only reads from controllers. Write paths are not compiled into the binary — it cannot change a setpoint even if instructed.

Outbound only

No inbound ports. No remote management. Traffic leaves the plant over an encrypted outbound channel. The cloud never pushes to the appliance.

Machine-bound identity

Appliance credentials are bound to the hardware they were issued on, so a token stolen from one unit is unusable on any other. The appliance also pins the certificate of the cloud endpoint it talks to, so a man-in-the-middle presenting a forged certificate is rejected rather than trusted.

Encrypted local storage

Full-disk encryption on the appliance. Buffered data stays safe if the unit is lost, stolen, or physically tampered with.

Network separation

Dual-network appliance design keeps your OT network from ever routing to the internet — and your IT network from ever reaching the plant.

Minimal attack surface

Hardened base image, no GUI, no remote shell, signed updates. The less that runs, the less can be attacked.

Compliance posture

Aligned with the standards your auditors care about.

KappaForge's architecture is designed around the controls that matter for industrial operators and data-conscious enterprises: access control, cryptography, data sovereignty, and OT/IT separation.

We are happy to walk your security team through our architecture, threat model, and deployment options during procurement.

  • ISO 27001 (aligned)
  • IEC 62443 (OT security)
  • OWASP ASVS (web security)
  • LGPD (Brazil)
  • Ley 25.326 (Argentina)
  • GDPR (EU, on customer request)
Shared responsibility

We handle

Application security, infrastructure hardening, patching, encryption, backups, audit logs.

You handle

User access decisions, role assignments, integration credentials you bring, and your operational runbooks.

We verify together

Third-party penetration testing, architecture review, incident response drills, on request.

Ready when your security team is

Let's review the architecture together.

We'll walk through isolation, identity, encryption, and deployment in detail.