Security and data
How Keelmark handles your deal data
Keelmark is built for confidential underwriting materials. This page explains, in plain language, where your documents live, what touches them, and what never happens to them. It is written for pilot firms and the IT reviewers who vet us.
Last reviewed June 2026.
Your firm's data is isolated
Every deal, document, and extracted value is scoped to your firm's account. Isolation is enforced inside the database itself with row-level security policies, not just hidden by the interface.
Uploaded files live in private storage buckets that are never publicly accessible. Other Keelmark clients cannot see your deals, your files, or anything derived from them.
Encrypted, and stored in Canada
Data moves over TLS and is encrypted at rest. Deal data is stored on enterprise infrastructure (Supabase on AWS) in the ca-central-1 region in Canada, and the application runs in Toronto.
Every upload is scanned before it is parsed
Each file you upload is checked by a private malware scanner before the system opens or parses it. The scanner runs on a private network and is not reachable from the public internet.
If a scan fails, or the scanner is unavailable, the file stays blocked from parsing and the workspace says so plainly. There is no bypass.
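The fail-closed behaviour described above, as an added example (not Keelmark's code): only an explicit clean verdict unlocks parsing, and a scanner error, outage or unrecognised reply leaves the file blocked. The class, function and file names and the scanner reply strings are assumptions made for illustration.

```python
# Illustrative names throughout; this is not Keelmark's implementation.
from enum import Enum

class Verdict(Enum):
    CLEAN = "clean"
    INFECTED = "infected"
    ERROR = "scan failed or scanner unavailable"

def scan_verdict(scan_fn, data: bytes) -> Verdict:
    """Only an explicit 'clean' reply yields CLEAN; every failure mode is ERROR."""
    try:
        reply = scan_fn(data)
    except Exception:              # timeout, refused connection, scanner crash
        return Verdict.ERROR
    if reply == "clean":
        return Verdict.CLEAN
    if reply == "infected":
        return Verdict.INFECTED
    return Verdict.ERROR           # empty, None or unrecognised reply

class Upload:
    def __init__(self, name: str, data: bytes):
        self.name, self.data = name, data
        self.verdict = None        # not scanned yet, which also blocks parsing

    def status(self) -> str:       # plain text shown in the workspace
        if self.verdict is Verdict.CLEAN:
            return "ready to parse"
        return "blocked: " + (self.verdict.value if self.verdict else "not scanned")

    def parse(self, parser):
        # Allowlist check: no flag, role or retry path skips it.
        if self.verdict is not Verdict.CLEAN:
            raise PermissionError(f"{self.name} is {self.status()}")
        return parser(self.data)

# Constructed stand-ins for the scanner, one per outcome.
def scanner_ok(data): return "infected" if b"SAMPLE-MARKER" in data else "clean"
def scanner_down(data): raise ConnectionError("scanner unreachable")
def scanner_garbled(data): return ""

def try_upload(data: bytes, scan_fn):
    """Scan, then attempt to parse; returns (parsed, workspace status)."""
    up = Upload("rent_roll.pdf", data)
    up.verdict = scan_verdict(scan_fn, up.data)
    try:
        up.parse(len)              # len() stands in for the real parser
        return True, up.status()
    except PermissionError:
        return False, up.status()
```

The gate tests for the one permitted state rather than for known bad ones, so a failure mode nobody anticipated still ends in a blocked file.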
How AI is used, exactly
Keelmark uses the OpenAI API to read document text and propose values, each with a citation to the page it came from. Calls are made with storage disabled (store: false), and OpenAI does not train its models on API data.
Only document text is sent for extraction. Your account details and firm identity are not part of the request, and no third-party analytics services touch deal files.
AI never writes your model
Extracted values are proposals, not entries. A human reviewer approves, edits, or rejects every value before it can enter a model, and each proposal carries its page-level citation so the reviewer can check the source.
All financial calculations downstream of review are deterministic and tested. The AI reads documents; it does not do the math.
Learning stays inside your firm
When your reviewers correct an extraction, Keelmark learns from that correction for your firm only. The memory is scoped to your account and improves your own future extractions.
A shared improvement pool exists in the architecture, but it is off by default and strictly opt-in, and anything entering it is stripped of deal names, addresses, tenants, and other identifying details first.
You can delete your data at any time
Deleting a pilot deal removes its source metadata, private source files, generated workbooks, and derived evidence rows. For full account removal, ask your Keelmark contact and we will confirm when it is complete.
Where we are on compliance
Keelmark is an early-stage pilot product, and we believe in being straight about that: we are not SOC 2 certified yet. A formal certification path is on the roadmap as the pilot matures.
The controls described above are real engineering controls, not aspirations. If your IT or security team wants to go deeper, ask your Keelmark contact and we will walk through the architecture together.