What a B2B buyer can verify about Kelvia in under two minutes.
This page avoids testimonials, empty badges, and source-free metrics. Every claim points to a public artifact or clearly states what is not published yet.
Artifacts you can open now
A buyer validating identity, privacy posture, API surface, or security contact should not need a sales deck first.
Named legal operator
Public legal pages identify Santiago Moreno Arce, Kelvia, and the public NIF ES48656100Z.
Trademark filing you can check
The M4377937 filing can be verified directly in the OEPM registry without sales access.
Public privacy and security artifacts
Privacy, cookies, humans.txt, and security.txt are public and linkable.
Artifacts you can open now
A buyer validating identity, privacy posture, API surface, or security contact should not need a sales deck first.
Public legal identity, NIF, and governing law.
GDPR rights, retention periods, and [email protected] contact.
Opt-in analytics only, with Google Analytics and Microsoft Clarity disclosed.
Public responsible disclosure entry point aligned with RFC 9116.
Who maintains the product and how to reach them.
Public HTTP surface available for technical review.
Public identity before company theater.
The identity shown here is limited to what already appears in public legal pages, trademark records, and public contact points. No inflated titles and no invented team page.
Santiago Moreno Arce
Founder and public operator
Santiago Moreno Arce is publicly listed in the legal and privacy pages as the operator behind Kelvia. The commercial name shown here matches the public M4377937 trademark filing and the published legal contacts.
Public facts
Verifiable links
Public founder profile.
Public founder program page.
Published legal contact from the terms page.
Published GDPR contact from the privacy page.
Public trademark filing.
What is publicly documented today about privacy and processing.
Everything below is limited to what is already published in privacy, cookies, help, or operational documentation. If there is no public source yet, the gap is called out.
Published GDPR baseline
The public privacy policy states access, rectification, erasure, restriction, portability, and objection rights, with a stated 30-day response window.
Published retention
Call recordings and transcripts: 90 days by default. Account deletion: permanent deletion within 30 days unless a legal obligation applies.
Published subprocessors
AI providers: OpenAI, Google, and ElevenLabs. Payments: Stripe. Email: SMTP providers. Marketing analytics only with consent: Google Analytics and Microsoft Clarity.
Data residency
Kelvia does not publish a buyer-verifiable 'EU-only' guarantee for the full platform today. The deployment guide uses Frankfurt as an example region, but that is not presented here as a global contractual claim.
A public disclosure channel without pretending there is a full program yet.
There is now a public responsible disclosure channel and public technical controls already described in the privacy page. The remaining gaps for deeper enterprise review are called out directly.
Published security.txt
PublishedThe public file points to the current contact channel and this disclosure policy.
Public PGP key
PendingNot published yet. This page does not fake a key that is not operational.
Public advisory history
PendingNot published yet. This page does not claim 'zero vulnerabilities' because that is not externally verifiable today.
Published technical controls
PublishedPrivacy policy already states TLS, bcrypt, tenant isolation, audit logging, and SHA-256 hashing for API keys.
Public channels
Primary source for responsible disclosure contact.
Current public email channel for security reports.
The privacy policy already describes TLS, bcrypt, tenant isolation, and audit logging.
An honest gap beats a made-up percentage.
Kelvia reserves status.kelvia.ai as the public destination for uptime and incident reporting. Today there is no buyer-verifiable 90-day uptime percentage or public postmortem archive, so this page says that plainly.
Public status
Planned host: status.kelvia.ai. Uptime history and event reporting will be published there when the public monitor is live.
status.kelvia.aiLast 90 days
No public verifiable percentage is published yet. This page does not reuse the marketing '99.9%' target as operational evidence.
Postmortems
No public postmortem archive exists yet. When it does, links will live here and on the public status host.
What is shipped, in progress, and still waiting to be published.
This transparency roadmap prioritizes buyer-verifiable artifacts. The columns below exist to tell the truth about publication state, not to manufacture momentum.
Published
In progress
Planned
Today, correction requests and artifact requests are handled by email. A public Git PR workflow will be added when the repository is publicly reachable without private access.
No logos or quotes until there is explicit permission.
Kelvia does not publish customer logos, customer counts, or named testimonials without written approval. Until at least three references are approved for public attribution, this section stays intentionally minimal.
Founder Program is the current fallback
If you are evaluating Kelvia before formal public references exist, the Founder Program is the right path. That is preferable to fabricated social proof or unapproved brand use.
Public placeholder, without pretending openness already exists.
There is no public open-source package linked from this page yet. When that changes, this section will publish the repository, license, versioning, and maintenance policy.
Current state: intentional placeholder.
When public components exist, this section will be updated with the repository, license, versioning, and maintenance policy.