How can we help?
Articles, walkthroughs, and reference material. Can't find what you need? Try the search or ask the chat widget.
Browse by topic
6 topics
- Getting started: First steps, onboarding, and platform tours.
- Security & compliance: Data isolation, audit logs, and compliance posture.
- Audit log: Articles and reference material.
- Billing: Plans, invoicing, and procurement.
- Frameworks: Articles and reference material.
- Governance: Articles and reference material.
Latest
19 articles
- May 23, 2026 · Getting started
What is Kommit?
Kommit is the control plane for enterprise AI agents — the layer that sits *above* the agents doing the work, governs what they're allowed to do, and produces the evidence your compliance team needs to defend that work t
- May 23, 2026 · Getting started
Roles and permissions
Kommit ships with three first-class roles. Every user in an organization has exactly one of them. Roles can be changed by an Owner from the Members page. ## The three roles ### Owner - Can do everything a Member can d
- May 23, 2026 · Getting started
How the 14-day audit pilot works
The audit pilot is how most customers start with Kommit. It's a fixed-scope, fixed-deliverable engagement that gives you a written audit report against your current AI surface — with or without you continuing afterwards.
- May 23, 2026 · Security & compliance
Where does my data live, and how is it encrypted?
All Kommit application and database infrastructure runs in the EU on Hetzner Cloud. There is no Vercel, no AWS, and no non-EU cloud in the production path today. We chose Hetzner specifically because it keeps EU data ins
- May 23, 2026 · Security & compliance
How does Kommit isolate my org's data?
Kommit is a multi-tenant platform — every customer ("organization") shares one application instance and one Postgres database, but every row belongs to exactly one organization, and the database itself refuses to return
- May 23, 2026 · Security & compliance
Data deletion and retention
Kommit deletes the data you tell us to delete, when you tell us to delete it. There is no soft-archive layer and we do not retain customer data "for compliance reasons" beyond what's described below. ## Per-object delet
- May 23, 2026 · Billing
Invoices, POs, and Net-30 terms
Kommit invoices you directly — there is no third-party reseller in the path for any tier. This article covers the operational specifics that AP and procurement teams ask about. ## Default billing terms | Item | Default
- May 23, 2026 · Billing
Kommit's three engagement shapes
After the [14-day audit pilot](#how-the-14-day-audit-pilot-works), customers usually move to one of three engagement shapes. Each is designed for a different scope of AI surface and a different compliance posture. We del
- May 23, 2026 · Integrations
Supported ingestion sources
Kommit ingests agent activity from three categories of source. This list reflects what's live today; the roadmap below covers what's coming. ## Live today ### LLM provider call sites These connect at the SDK call site
- May 23, 2026 · Integrations
Connecting your first agent
Most customers start with one AI agent in scope, see the audit report come together, and then expand. This article walks through the connect step end-to-end so you can get an agent into Kommit's scope in 15–30 minutes.
- May 23, 2026 · Audit log
The hash-chained audit log explained
Every governed action in Kommit writes a row to a tenant-scoped audit log. The log is **hash-chained** — each row's hash includes the previous row's hash — so retroactive edits or deletions are detectable on inspection.
- May 23, 2026 · Audit log
Exporting audit logs for your auditor
You can export your tenant's audit log at any time via the dashboard or the API. The export includes every row plus the hash chain metadata, so the auditor can verify integrity on their side without trusting Kommit. ##
- May 23, 2026 · Frameworks
Is Kommit SOC 2 certified?
**No.** Kommit is not SOC 2 certified, and we will not describe Kommit itself as "SOC 2 ready" or "SOC 2 certified" anywhere — that would be misleading. What Kommit does ship is the **control library and evidence-collec
- May 23, 2026 · Frameworks
How Kommit supports your GDPR posture
Kommit is not "GDPR certified" — there is no such certification. What we do is operate the platform in a way that fits inside your GDPR controller-processor model and gives you the levers GDPR requires you to be able to
- May 23, 2026 · Frameworks
How Kommit supports your EU AI Act readiness
The EU AI Act is being phased in across 2025–2026. Kommit isn't "EU AI Act certified" — that designation doesn't exist for platforms. What we ship is the **evidence-collection plumbing** that makes the documentation, mon
- May 23, 2026 · Governance
The Policy library — what's in it, what isn't
Kommit's Policy library is a set of pre-built controls that governs what your AI agents are allowed to do, who has to approve what, and what gets logged. You enable the policies that match your scope; we ship a starter s
- May 23, 2026 · Governance
Setting up the /access control matrix
The `/access` page is the live, single-screen view of who can do what inside your Kommit-governed AI surface. Every user, every agent, every connected system — listed against the actions they're authorised to take, with
- May 23, 2026 · Administration
Single sign-on (SSO) setup
Kommit supports SSO via SAML 2.0 and OIDC for Build, Enterprise, and Founding-customer tiers. Govern tier customers can use Google Workspace sign-in directly, but the SAML/OIDC IdP integration is a paid feature. ## What
- May 23, 2026 · Administration
Inviting teammates + role defaults
Anyone with the Owner role can invite teammates. This article covers the invite flow, what new invitees see, the role defaults we shipped (and why), and the teardown path when someone leaves. ## Sending an invite Setti
Didn't find what you need?
Reach a human directly, or ask the chat widget once it lands — it's trained on every article above.