Governance and Controls
Kindo provides a comprehensive governance framework that ensures AI usage across your organization remains secure, compliant, and auditable. Every interaction — whether through chat, agents, or the API — passes through these controls.
Core Governance Capabilities
Data Loss Prevention (DLP)
DLP filters run on every request and response, scanning for sensitive data before it reaches AI models:
- PII Detection — Automatically identifies and redacts personal information (names, emails, phone numbers, SSNs)
- Credential Detection — Catches API keys, passwords, tokens, and connection strings
- Custom Patterns — Define organization-specific patterns to protect proprietary data
- Per-Model Controls — Enable or disable DLP filters for specific models
DLP uses Presidio for entity recognition and can be configured by administrators under Settings > Security.
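The scan-and-redact step described above, as an added Python sketch: this is not Kindo's code, and it substitutes plain regular expressions for Presidio so that it runs with the standard library alone. The detector names, the `PRJ-` custom pattern and the model name are assumptions made for illustration.

```python
import re

# Constructed detectors; labels and regexes are illustrative, not Kindo's or Presidio's.
DETECTORS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "US_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "AWS_ACCESS_KEY_ID": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "CONNECTION_STRING": re.compile(r"\b\w+://[^\s:/@]+:[^\s@]+@[^\s/]+\S*"),
}
# Hypothetical organization-specific pattern (the "Custom Patterns" item).
CUSTOM = {"PROJECT_CODE": re.compile(r"\bPRJ-\d{6}\b")}
# Hypothetical per-model switch (the "Per-Model Controls" item).
DLP_DISABLED_MODELS = {"self-hosted-internal"}


def find_spans(text, detectors):
    """Return non-overlapping (start, end, label) spans, longest match winning."""
    hits = [(m.start(), m.end(), label)
            for label, rx in detectors.items() for m in rx.finditer(text)]
    # Sort by start, then longest first, so a connection string beats the
    # e-mail-shaped "password@host" fragment inside it.
    hits.sort(key=lambda h: (h[0], -(h[1] - h[0])))
    kept = []
    for start, end, label in hits:
        if kept and start < kept[-1][1]:
            # Overlap: extend the kept span so no fragment leaks past it.
            kept[-1] = (kept[-1][0], max(kept[-1][1], end), kept[-1][2])
        else:
            kept.append((start, end, label))
    return kept


def redact(text, model):
    """Replace each finding with <LABEL>; return (clean_text, labels_found)."""
    if model in DLP_DISABLED_MODELS:
        return text, []
    spans = find_spans(text, {**DETECTORS, **CUSTOM})
    out, pos = [], 0
    for start, end, label in spans:
        out += [text[pos:start], f"<{label}>"]
        pos = end
    out.append(text[pos:])
    return "".join(out), [label for _, _, label in spans]


# Constructed sample prompt; the key is AWS's published documentation example.
SAMPLE = ("Ticket PRJ-004211: jane.doe@example.com (SSN 123-45-6789) cannot reach "
          "postgres://svc:S3cr3t@db.example.internal:5432/app with key AKIAIOSFODNN7EXAMPLE")
```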
Role-Based Access Control (RBAC)
Control who can do what across the platform:
| Role | Capabilities |
|---|---|
| User | Chat, run shared agents, use approved integrations |
| Agent Creator | Create and share agents, configure workflows |
| Administrator | Manage models, integrations, security settings, users |
Administrators assign roles and manage permissions through the Security panel.
Beyond role-based access, Kindo provides tool action access controls that govern which integrations and specific tool actions are available to users and AI agents. Administrators configure these at the organization level and refine them per user group. See Tool Action Access Controls for the full configuration guide.
Audit Logging
Every action in Kindo is logged:
- Chat messages and model responses
- Agent executions and step-by-step results
- API calls and authentication events
- Configuration changes and administrative actions
- Integration connections and data access
Audit logs can be exported to external SIEM systems (Splunk, Datadog) via the audit log exporter service.
Model Access Controls
Administrators manage which AI models are available:
- Enable/Disable models — Toggle model availability organization-wide
- New provider policy — Control whether new model providers are automatically enabled
- New model policy — Control whether new models from enabled providers are automatically activated
Policy Enforcement
Kindo enforces policies at the platform level, not at the model level. This means:
- Policies apply uniformly regardless of which model a user selects
- Switching models does not bypass DLP, RBAC, or audit requirements
- Agent actions are governed by the same rules as interactive chat
Compliance Support
Kindo’s governance features support common compliance frameworks:
| Framework | Relevant Controls |
|---|---|
| SOC 2 | Audit logging, access controls, encryption |
| GDPR | DLP, data residency (on-prem), right to erasure |
| ISO 27001 | RBAC, audit trails, security policies |
| NIST CSF | Monitoring, access management, incident response |
For FedRAMP requirements, deploy Kindo on-premises in an approved cloud environment (e.g., AWS GovCloud) under your own authorization boundary.
Next Steps
- Configure Security Controls to set up DLP and model access policies
- Configure Tool Action Access Controls to manage which integrations and tools are available per user group
- Set up SSO to integrate with your identity provider
- Learn about Agents to understand how governance applies to automated workflows