New · Evidence Freshness & Coverage

Prove compliance. Automatically.

Automate evidence collection from your stack, map it to PCI DSS 4.0, ISO 27001 and SOC 2 controls, and stay continuously audit-ready.

Agentless · Read-only · Least-privilege · EU/UK data residency

Control coverage
Live
33%

13 of 39 mapped controls currently passing

Evidence freshness
Live
92%

of evidence still valid under your 30-day freshness policy

Open findings
Live
3 high / 0 critical

From Snyk and Dependabot scans

Kestrelo is the AI-powered platform trusted by the world's most innovative companies.

How it works

Collect Evidence

Connect AWS, Azure, GitHub, Jira and other sources. We pull evidence automatically in read-only mode. No agents needed.

Normalize Data

Transform raw evidence into a unified format. Different sources, different schemas—we make them consistent.

Map to Controls

Link evidence artifacts to PCI DSS, ISO 27001, and SOC 2 controls. Visual mapping shows coverage gaps.

Orchestrate Workflows

Run automated jobs, schedule freshness checks, and export audit-ready bundles. Stay compliance-ready.


Frameworks

PCI DSS 4.0

Payment Card Industry Data Security Standard for securing cardholder data.

ISO 27001:2022

International standard for information security management systems.

SOC 2 Type II

Service Organization Control report for security, availability, and confidentiality.

Integrations

Accelerate value with integrations, apps, and add-ons

Kestrelo connects to your cloud, repos and tools so you can centralize evidence collection and coverage insights. Connect AWS, Azure, GitHub, Jira and more — map artifacts to frameworks and export audit-ready bundles.

Customer stories

KFactory

Manufacturing
Cut audit prep time by 70%

Automated PCI evidence from GitHub Actions, AWS IAM, and Jira — cutting manual collection by 70%

Trencadis

GovTech
From spreadsheets to automation

Replaced manual ISO 27001 tracking in spreadsheets with automated coverage dashboards and always-up-to-date evidence.

Salesflow

IT & Cybersecurity
Faster SOC 2 readiness

Normalized scattered cloud evidence into consistent SOC 2 bundles so sales teams could clear security reviews much faster.

Meet our leadership

Engineering-led, with experience across fintech, gaming, manufacturing/AI, and public sector.

  • Stefan Niculescu, CEO
  • Catalin Soava, Head of Platform
  • Cosmin Mares, Head of Engineering
  • Virgil Truica, Head of Sales

Security & Trust

Kestrelo is built with a security-first architecture: read-only connectors, least-privilege access and enterprise-grade encryption by default.

Data protection

Encryption in transit and at rest; fine-grained, read-only scopes; least privilege.

AES-256 at rest · TLS 1.2+

Access & identity

SSO/SAML, role-based access control, audit logs, customer-managed keys (Enterprise).

SSO · SAML · RBAC

Compliance posture

Designed for PCI, ISO 27001, SOC 2 workflows and evidence exports.

PCI DSS · ISO 27001 · SOC 2

Built on certified cloud infrastructure

ISO 27001 · ISO 27017 · ISO 27018 · ISO 27701 · CSA STAR · PCI DSS · SOC 1 · SOC 2 · SOC 3

Simple pricing

Starter
$0
  • Up to 3 integrations
  • Community support
  • Audit-ready exports
Growth
Custom
  • Unlimited integrations
  • Advanced workflows
  • SLA support
Enterprise
Custom
  • SAML/SSO
  • Onboarding & SOC 2 support
  • Dedicated CSM

Ready to orchestrate compliance?

Book a 30-minute demo. We'll map your stack and show automated evidence collection in action.

Quick contact
Or email us at hello@kestrelo.com