Frequently asked questions
Straight answers about what Keel does. Everything here reflects functionality that ships today. Still have a question? Get in touch.
What is Keel?
Keel is a self-serve GRC (governance, risk & compliance) and vendor-risk platform for small and mid-sized companies getting their first SOC 2, ISO 27001, HIPAA, or PCI DSS. You set up controls, collect evidence, manage policies and vendors, and publish a trust center - without a consultant or an enterprise price tag.
Which frameworks does Keel support?
One control library crosswalked across SOC 2, ISO 27001, PCI DSS, HIPAA, ISO 9001, NIST CSF, and ESG. Map a control once and it satisfies the matching requirements in every framework you have applied. NIST CSF is free on every plan.
Does Keel get me certified?
Keel gets you audit-ready: it organizes your controls, evidence, and policies and shows your readiness against each framework. The certificate or attestation itself is issued by an independent auditor - Keel is not a certification body and does not perform the audit. We make the audit far faster and cheaper to get through.
Do I need a consultant to use it?
No. Keel is self-serve. A guided setup walks you from zero to a working program in an afternoon, and one-click starter control sets pre-map a framework for you. You can start free, no sales call.
How does pricing work?
There is a free plan (NIST CSF plus one paid framework), then Starter, Pro, and Enterprise tiers that add scale (frameworks, seats, vendors, storage, AI credits) and automation. Add-ons like extra frameworks, Trust Center Pro (custom domain + white-label), and AI credit packs layer onto any plan. See the pricing page for details.
Can I invite my auditor?
Yes - every workspace gets a free, read-only auditor seat that does not count against your plan’s seat limit. Auditors can review your program and evidence without being able to change anything.
Is my data secure and isolated?
Every workspace is isolated at the database level with Postgres row-level security, enforced in the database - not just in application code - so your data is never reachable from another workspace. Traffic is served over HTTPS/TLS, data is encrypted at rest by our infrastructure providers, and the app connects with a least-privilege database role. See our trust page for details.
How do vendor risk assessments work?
Add vendors by criticality and Keel sets review cadences so nothing goes unreviewed. Send a security questionnaire through a secure, no-login portal; the vendor contact can invite colleagues to help answer, and any of them can submit. Responses are auto-scored, and an AI builder can assemble a questionnaire from your concerns.
Does Keel actually use AI, or is it a buzzword?
Real, shipping features: import a messy Word policy and AI rewrites it into a clean, framework-mapped draft; paste a vendor’s website and AI drafts their risk profile; describe your concerns and AI assembles a scored questionnaire. Metered AI credits are included on every paid plan.
Can I put my trust center on my own domain?
Yes, on Enterprise (or with the Trust Center Pro add-on). You can serve your public trust center on your own hostname and remove Keel branding. Verification is a simple DNS record.
Can I manage several clients as an MSP or partner?
Yes. On Enterprise, the multi-client console gives managed-service providers and consultancies a cross-client overview - readiness, open risks, tasks, and vendors for every workspace - with one-click switching. You can spin up a new, isolated client workspace right from the console, white-label each trust center, and put it on the client's own domain. See the For MSPs page for details.
Is there an API or integrations?
Pro and Enterprise include a REST API, outbound webhooks, and Zapier, plus automated directory sync from Microsoft Entra ID or Google Workspace. CSV import is available on every plan.
Can I get a weekly summary without logging in?
Yes. Turn on the opt-in weekly digest in Settings and Keel emails you a readiness summary every week - coverage, gaps to close, open risks and tasks, vendors due for review, and outstanding training. You can also email yourself an on-demand digest from the dashboard anytime.
How do I get help?
Start free anytime and use the in-app guided setup plus the Help page, which has step-by-step guides for every module. For questions, reach our support team from the Support link inside the app or the site footer, or email [email protected].
Ready to see it? Start free →