Last updated: April 2026
At Kor ("we", "our"), we take information security and privacy very seriously. This policy describes how we protect our clients' data and the processes we implement to guarantee the confidentiality, integrity, and availability of information.
We implement appropriate technical and organizational security measures to protect data against unauthorized access, alteration, disclosure, or destruction. This includes data encryption in transit and at rest, where applicable.
Access to systems and client data is strictly limited to authorized Kor staff who need that information to perform their duties. All our employees and partners are subject to confidentiality agreements.
When implementing agents and automation workflows, we prioritize local solutions in which information does not leave the local server. When this is not possible, we ensure that integrations with third-party services (such as AI platforms, CRMs, or ERPs) are carried out using secure protocols (OAuth, securely managed API keys) and minimizing required permissions (principle of least privilege). In all cases, we are governed by European regulations based on the General Data Protection Regulation (GDPR), the Data Act, and the Data Governance Act.
We retain information only as long as necessary to fulfill the purposes for which it was collected. After the completion of a project, the client's data can be permanently deleted from our systems upon express request.
If you have questions about our security policies, contact us at: hello@korautomate.com.