New

Now in Claude, ChatGPT, Cursor & more with our MCP server

Koji
ProductPricingEnterpriseAbout
Back to Koji
Koji Compliance

Resources & downloads

Document downloads and the request flow for items that require a signed agreement or NDA. Standard turnaround is one business day.

Last updated: May 2026Applies to: All enterprise prospects and customers
How this page works: Many of Koji's compliance artifacts are PDFs released on request. This avoids stale versions floating around the internet and lets us tailor the package to your evaluation. Click the button on any item to send the request email; we reply within one business day with the document attached.

Data Processing Agreement

On request, one business day

GDPR Article 28 processor agreement with EU SCCs as annexes. Pre-signed by Koji B.V., counter-signed on request.

Request signed copy

Business Associate Agreement (HIPAA)

On request, one business day

Standard BAA template for US healthcare deployments. Available as part of the enterprise contract.

Request BAA

Sub-processor register (PDF snapshot)

On request, one business day

PDF snapshot of the current sub-processor register. The live HTML version is always at /compliance/sub-processors.

Request PDF

Pre-filled CAIQ Lite

On request, one business day

Cloud Security Alliance's CAIQ Lite security questionnaire, pre-filled with Koji's responses across the standard control families.

Request copy

Pre-filled SIG Lite

On request, one business day

Shared Assessments SIG Lite questionnaire, pre-filled across the standard categories. Suitable for financial-services and regulated-industry procurement.

Request copy

Security overview (PDF)

On request, one business day

Two-page PDF summary of Koji's security architecture, controls, and certifications, suitable for sending to InfoSec teams ahead of a call.

Request PDF

Penetration test summary

Under NDA

Redacted summary of the most recent third-party penetration test. Released under a one-page NDA.

Request under NDA

SOC 2 Type II report

Under NDA

Released to enterprise customers under NDA once the first audit completes. Subscribe to be notified.

Subscribe to updates

Bundled "first-call" package

Most enterprise evaluations start with the same three documents. We send all three together when you request the "first-call package":

  • Pre-signed DPA (PDF)
  • Security overview (2-page PDF)
  • Pre-filled CAIQ Lite questionnaire

Request the first-call package → We reply within one business day with all three attached.

Standard request format

To keep turnaround fast, include the following in any document request:

  • Your company name and the entity that will sign the contract
  • Your role and team
  • The deployment region you are evaluating (US or EU)
  • The use case in one sentence
  • Any deadlines or procurement constraints we should know about

Need something not listed here?

Email [email protected] and describe what you need. Most requests are answered the same day.

Questions about this document? Contact compliance.Back to compliance hub