Security Portal

Start your security review
ControlK

Overview

Security is one of Kameleoon's core values, as such we are committed to maintaining a strong posture based on security by design and defense in depth.

Kameleoon has appointed a Chief Information Security Officer to manage this security program, alongside the cybersecurity team members.

Our security program aligns with the International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27001 as well as the NIST Framework to implement our policies, procedures, and controls.

Our activity relevant to data transfer can be described as "Collection, storage, and analysis of raw data to provide aggregated (or computed) data to analyse experiments and personalizations results."

Compliance

CCPA Logo
CCPA
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO/IEC 27001 SoA Logo
ISO/IEC 27001 SoA
ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
PCI DSS Logo
PCI DSS
SOC 2 Type 2 Logo
SOC 2 Type 2

Kameleoon is reviewed and trusted by

Groupe BPCE-company-logoGroupe BPCE
Amundi-company-logoAmundi
OVHcloud-company-logoOVHcloud
Orange-company-logoOrange
Michelin-company-logoMichelin
Renault Group-company-logoRenault Group
Accor-company-logoAccor
Quantum Metric-company-logoQuantum Metric
Samsung-company-logoSamsung
Toyota-company-logoToyota

Documents

REPORTSData Flow Diagram (DFD)
REPORTSPentest Report
REPORTSSecurity Whitepaper
COMPLIANCEGDPR
COMPLIANCEISO/IEC 27001 SoA
COMPLIANCEISO/IEC 27001:2022
COMPLIANCEPCI DSS
COMPLIANCESOC 2 Type 2
SELF-ASSESSMENTSCAIQ
SELF-ASSESSMENTSOther Self-Assessments
LEGALCyber Insurance
AIAI Governance

Risk Profile

Data Access LevelRestricted
Impact LevelModerate
Recovery Time Objective4 hours
View more

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Data Flow Diagram (DFD)
Network Diagram
Pentest Report
View more

Self-Assessments

CAIQ
Other Self-Assessments

Data Security

Access Monitoring
Data Backups
Data Erasure
View more

App Security

Code Analysis
Credential Management
Software Development Lifecycle
View more

AI

AI Overview
AI Security
AI Risk Management
View more

Legal

SubprocessorsHetzner-company-logoOVHcloud-company-logoCloudflare-company-logoGravitee-company-logoMixpanel-company-logo
Cyber Insurance
Privacy Policy
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Access Control

Data Access
Logging
Password Security

Infrastructure

Status Monitoring
Anti-DDoS
BC/DR
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Firewall
IDS/IPS
Security Information and Event Management
View more

Corporate Security

Asset Management Practices
Email Protection
Employee Training
View more

Policies

Information Security Policy

Security Grades

SecurityScorecard
Kameleoon
Security Scorecard A grade
CryptCheck
Kameleoon Web Application
A+
ImmuniWeb
Kameleoon Web Application
A
View more

Training

Employee Privacy Training
Phishing Training
Security Awareness Training
View more

Continuous Monitoring

Automated Alert Response
Automated Compliance Monitoring
Data Loss Prevention System (DLP)
View more

Subprocessors

Security Portal Updates

AI Compliance

Copy link
Compliance

Kameleoon has released an updated version of its AI Compliance documentation. This update provides additional clarity on our AI governance framework and expands the level of transparency offered to customers and partners.

Transparency and Governance
The document now includes further details on prompt management, access controls, system traceability, observability, and lifecycle monitoring. These additions clarify how Kameleoon ensures secure, controlled, and auditable AI operations.

AI Agent Model Cards
New model cards have been introduced for two internal AI agents (Kai and PBX). Each card outlines the models used, governance measures, technical safeguards, and relevant performance considerations.

PBX Workflow Documentation
A full description of the PBX workflow has been added. It covers the code-generation process, execution trace logging, screenshot-based verification, and guarantees related to the enterprise API’s non-retention of customer data.

The updated AI Compliance document is now available on the Security Portal. It reflects Kameleoon’s ongoing alignment with the EU AI Act and industry best practices for responsible and transparent AI development.

Appointment of New Chief Security Officer (CSO)

Copy link
General

We are pleased to announce that Louis Trilles has been appointed as Chief Security Officer (CSO) of Kameleoon as of April 2025.
Louis brings deep expertise in information security, compliance (ISO 27001, SOC 2), and DevSecOps, and will lead the company’s security and privacy strategy across all teams and regions.

For any security-related inquiries or audit requests, Louis can be reached at ltrilles@kameleoon.com or dataprotection@kameleoon.com.

If you need help using this Security Portal, please contact us.
Contact support
Built onSafeBase by Drata Logo