Komped, a product of Runway EXO LLC, is built with security at its core. Your commission data is sensitive financial information, and we treat it that way.
All data is encrypted at rest and in transit using industry-standard TLS 1.2+. Our PostgreSQL database connections are secured with SSL, and all API keys are hashed before storage — never stored in plaintext.
Komped enforces role-based access control (RBAC) with six distinct permission levels. Multi-tenant data isolation ensures every database query is scoped by tenant_id — your data is never accessible to other organizations.
Every change to financial data — commission rates, deal values, statement approvals, and plan modifications — is recorded in a complete audit log with timestamps, user attribution, and before/after values.
Passwords are hashed using bcrypt via werkzeug's security module. All forms are protected against CSRF attacks, and sessions are managed with secure, HTTP-only cookies.
Komped is hosted on Railway.app with managed PostgreSQL databases. Infrastructure includes automated backups, encrypted connections, and isolated runtime environments.
Komped is committed to achieving SOC 2 Type II certification. We are currently implementing controls aligned with SOC 2 Trust Service Criteria.
Komped provides ASC 606 commission expense reporting to support your accounting team's compliance requirements.
Tenant data is retained for 7 years to support audit and compliance needs. Full data export is available on request, and account deletion with complete data removal is available upon tenant request.
For security-related inquiries, vulnerability reports, or compliance questions, please contact us at security@komped.ai.