Skip to content

Cloud Features

Kanoniv Cloud provides advanced capabilities for compliance, governance, multi-tenant deployments, and security.

Overview

Governance & Compliance

FeatureDescription
Compliance & PII MaskingRegulatory frameworks (HIPAA, GDPR, CCPA, SOC 2) with automatic PII masking
Audit LogsFull match trail with rule traces, decisions, and conflict resolution
Source FreshnessDetect stale data sources before reconciliation
Entity HierarchyParent-child relationships with field inheritance
Spec GovernanceYAML spec as single source of truth for all policy

Infrastructure

FeatureDescription
Multi-TenantHierarchical tenant isolation with RLS
SSO & SCIMSAML 2.0 / OIDC single sign-on
SIEMReal-time audit streaming

Cloud Architecture

┌─────────────────────────────────────────────────────────────┐
│                     Platform Owner                           │
│              (Manages all organizations)                     │
└──────────────────────────┬──────────────────────────────────┘

         ┌─────────────────┼─────────────────┐
         ▼                 ▼                 ▼
┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐
│   Org: Acme     │ │  Org: BigCorp   │ │  Org: StartupX  │
│   (Tenant A)    │ │   (Tenant B)    │ │   (Tenant C)    │
├─────────────────┤ ├─────────────────┤ ├─────────────────┤
│ ├─ LOB: Sales   │ │ ├─ LOB: EMEA    │ │ (Single tenant) │
│ ├─ LOB: Support │ │ ├─ LOB: APAC    │ │                 │
│ └─ LOB: Finance │ │ └─ LOB: Americas│ │                 │
└─────────────────┘ └─────────────────┘ └─────────────────┘

SDK Access

Cloud features are available to all SDK clients. No special SDK configuration is required; Cloud capabilities are controlled by your API key's permissions and your tenant's plan.

python
# Cloud features are available to all SDK clients
from kanoniv.client import KanonivClient

client = KanonivClient(api_key="kn_...", base_url="https://api.kanoniv.com")

Data Isolation

All tenant data is isolated using:

  1. Row-Level Security (RLS). PostgreSQL policies enforce tenant boundaries
  2. Application-Level Checks. Every query includes tenant_id
  3. Encryption at Rest. All data encrypted at rest via AWS RDS

Compliance Readiness

StandardSupport
SOC 2 Type IIAudit log, access controls
GDPRRetention policies, data export
HIPAAEncryption, access logging
CCPAData deletion, consent tracking

Getting Cloud Access

Contact us for Cloud pricing and features:

The identity and delegation layer for AI agents.