Back to home

Security

Last updated: March 28, 2026

KolmoPDF is designed to handle customer documents with care. This page summarizes our approach to security, operational access, data handling, and incident response for our website and digital services.

Security Program

We use commercially reasonable administrative, technical, and organizational safeguards designed to protect customer data against unauthorized access, alteration, disclosure, or destruction.

Our security approach is intended to support secure product development, access management, change management, monitoring, and operational review as the service evolves.

Access Controls and Confidentiality

Access to customer data is limited to authorized personnel and service providers who need that access to operate, maintain, support, secure, or improve the service.

Access rights are intended to follow least-privilege principles where reasonably practicable, and sensitive operational access may be logged, reviewed, or restricted according to business need.

Infrastructure and Data Protection

We use modern cloud and web infrastructure controls appropriate for an online software service. Security protections may include authentication controls, encrypted transport, network protections, backups, monitoring, and environment separation where applicable.

No method of transmission over the internet or method of electronic storage is completely secure, so we cannot guarantee absolute security.

Payments and Third-Party Providers

Payments are processed by specialized third-party payment providers, including Stripe. We do not store full payment card details on our website.

We may also rely on third-party providers for infrastructure, communications, analytics, and security operations. These providers are expected to process data only as needed to perform services for us or as otherwise permitted by law.

Retention, Deletion, and Incident Response

We retain data for as long as reasonably necessary to provide the service, maintain records, resolve disputes, enforce our agreements, and meet legal obligations. When data is no longer needed, we aim to delete or de-identify it within a reasonable operational timeframe, subject to backups and legal requirements.

If we become aware of a security event that materially affects customer data, we aim to investigate, mitigate, and take follow-up action as appropriate under the circumstances and applicable law.

Security Contact

If you have a security question, need to report a potential vulnerability, or require additional privacy information for a business review, please contact hello@komoai.llc.

We may request additional details to validate and triage the report before responding.