Kocoro Trust & Security
At Kocoro, trust is the foundation of our platform. We are committed to building a product you can rely on, with security, privacy, and compliance engineered into every layer of our architecture. Our approach is built on a principle of security-by-design, allowing you to innovate and achieve your business goals with confidence.
Kocoro is operated by Ptmind, a company with a longstanding presence in the data industry since 2010, serving over 200,000 customers worldwide.
Ptmind has a proven track record of delivering robust and secure services to clients with the strictest privacy requirements—including government agencies, financial institutions, healthcare organizations, and publicly listed companies.
This depth of experience is the cornerstone of Kocoro’s security posture.
Enterprise-Grade Security
Kocoro’s infrastructure is designed with a multi-layered, defense-in-depth strategy to ensure your data is secure whether it is being transmitted, stored, or processed.
Data Encryption
All customer data is encrypted end-to-end. We use TLS 1.2 or higher for data in transit and industry-recognized encryption algorithms and key lengths for data at rest.
Authentication & Access Control
Access is governed by a strict Role-Based Access Control (RBAC) model, ensuring users are only granted the minimum permissions necessary and can only access information they are explicitly authorized to see.
Advanced Threat Prevention
Our security perimeter includes anti-virus gateways, web tampering detection, and a dedicated Intrusion Prevention System (IPS) combined with iptables, portsentry, and fail2ban to proactively detect and block malicious behavior.
Audit & Logging
We provide comprehensive usage logs and audit functions. The system records important operations such as user logins, data access, and LLM calls. Customers can request to export relevant logs through a designated process.
AI Governance & Data Privacy
We take our responsibility in the age of AI seriously. Your data is yours, and we are committed to transparency and protecting your intellectual property.
Your Data is Never Used for Training
We strictly prohibit the use of any customer data to train third-party AI models. The insights and content you generate with Kocoro remain yours alone.
AI Security
We actively protect our AI systems from security threats, including sophisticated prompt injection and jailbreaking attacks, to ensure the integrity and safety of the platform.
AI Content Safety
We employ a multi-layered approach using technical filtering, human review, and continuous monitoring to ensure that AI-generated content is safe and compliant.
AI Assets Access Control
We provide fine-grained controls over who has permission to create, edit, view, or share AI assets like agents, knowledge base, tools, etc. Our platform is designed to always respect user permissions, ensuring users can only operate on and view content they are authorized to access.
Certified & Compliant
Kocoro is built to meet the needs of global, security-minded organizations. Our practices are independently verified and align with key industry and regulatory standards.
ISMS
ISO/IEC 27001
Validates the Information Security Management System of the group company responsible for system development, maintenance, and operations.
P-Mark
A Japanese certification recognizing our commitment to the protection of personal information.
GDPR
We comply with the EU’s General Data Protection Regulation (GDPR) by lawfully storing, managing, and processing personal data in accordance with EU standards.
APPI
We comply with Japan’s Act on the Protection of Personal Information (APPI) by lawfully storing, managing, and processing personal data according to Japanese regulations.
Platform Stability & Reliability
You deserve a platform you can count on. We have engineered Kocoro for maximum resilience and availability so it's there when you need it.
Proven 99.99% Uptime
In the past year, Kocoro has achieved an actual operational uptime of 99.99%, providing best-in-class reliability.
Backup and Disaster Recovery
We perform daily incremental backups and weekly full backups. All backup data is stored with off-site redundancy across different AWS regions (Japan and US) to ensure data safety against single-point failures.
Hybrid Cloud Infrastructure
We leverage a world-class hybrid infrastructure. Data is securely stored and managed across AWS data centers in Japan and the US, as well as PTMIND's local Japanese data center, which is hosted by Equinix, a leading global data center operator.
Resilient Services
Our services are deployed across a distributed, multi-region architecture. This provides superior performance, stability, and disaster recovery capabilities compared to single-vendor deployments.
Operational Excellence
Our operational practices are designed for proactive security and rapid response, ensuring the continuous, stable operation of the Kocoro platform.
Dedicated Security Team
Our in-house security team, in partnership with third-party security firms, conducts regular vulnerability scanning and penetration testing to proactively secure our systems. If you identify a security vulnerability, please report it to us through our designated channel for prompt handling.
24/7/365 System Monitoring
We utilize automated monitoring systems for real-time, around-the-clock surveillance of our platform, with our operations team on alert to respond to any issues.
Rapid Incident Response
We have a continuously optimized Standard Operating Procedure (SOP) for incident response, refined over 15 years. This includes automated failover to backup servers and redundant network lines to ensure rapid service recovery.