Trust center
One page for auditors and procurement.
Security posture, subprocessors, audit status, certifications in progress, and the disclosure policy. Bookmark this URL. We update it as state changes, not when a sales cycle requires it.
SOC 2 Type II
Target Q1 2027
Audit in progress with an AICPA-registered firm. We will publish the date the report becomes available and the firm name.
HIPAA BAA
With SOC 2 cutover
Template Business Associate Agreement ships alongside the SOC 2 Type II report. Healthcare deployments require it; we will not sign one before then.
CSA STAR for AI
Application active
Application materials in flight. Independent CSA review aligned with the Agentic Control Plane working group.
Security posture
The shortlist.
Hybrid-signed (Ed25519 + ML-DSA-65) Decision Receipts
Every gateway action signed. Publicly verifiable, offline, with any compliant library.
BYO-keys with no-persistence
LLM provider keys forwarded once, never written. Enforced by DB-scan test in CI.
Hashed-only license storage
License keys live as SHA-256 hashes. Issued once at provisioning; never re-issued.
HMAC-verified inbound webhooks
Twilio, Slack, Paddle: all constant-time compared with 5-minute replay window.
Multi-tenant by composite PK
(tenant_id, oid) composite keys throughout. Cross-tenant read is structurally impossible.
HTTP-only session cookies
Portal sessions stored HTTP-only, SameSite=Lax. No JS-side reads.
Configurable retention
Receipts 365d default; cache 30d; embeddings 90d. LRU eviction on size caps.
Anti-relay-aware proxy
Byte-identical forwarding when needed. Body-mutating features auto-disable for OAuth tokens.
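Added example, not the product's own code, of the inbound-webhook check described above: HMAC-SHA256 over a signed timestamp plus body, a constant-time comparison, and the five-minute replay window. The `v0:` message layout and the header names are assumptions modelled on common provider schemes; the secret and payload are constructed for the demo.

```python
import hmac
import hashlib
import time
from typing import Optional, Tuple

REPLAY_WINDOW_SECONDS = 300  # the five-minute window from the posture list


def sign(secret: bytes, timestamp: int, body: bytes) -> str:
    """Signature a sender attaches: HMAC-SHA256 over 'v0:<timestamp>:<body>'.
    Binding the timestamp into the MAC stops an attacker from refreshing a captured
    message by rewriting only the timestamp header. (Assumed layout, not a provider's.)"""
    msg = b"v0:" + str(timestamp).encode() + b":" + body
    return "v0=" + hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, timestamp_header: str, signature_header: str,
                   body: bytes, now: Optional[float] = None) -> Tuple[bool, str]:
    """Return (accepted, reason). Rejects stale or future timestamps, then compares
    MACs with hmac.compare_digest so a mismatch does not leak the matching prefix length."""
    now = time.time() if now is None else now
    try:
        ts = int(timestamp_header)
    except (TypeError, ValueError):
        return False, "bad-timestamp"
    if abs(now - ts) > REPLAY_WINDOW_SECONDS:
        return False, "outside-replay-window"
    if not isinstance(signature_header, str):
        return False, "bad-signature"
    expected = sign(secret, ts, body)
    if not hmac.compare_digest(expected.encode(), signature_header.encode()):
        return False, "bad-signature"
    return True, "ok"


if __name__ == "__main__":
    # Constructed demo values; no real provider secret or event.
    secret = b"constructed-demo-secret"
    body = b'{"event":"payment.completed","id":"evt_demo"}'
    ts = int(time.time())
    sig = sign(secret, ts, body)
    print("fresh, untampered:", verify_webhook(secret, str(ts), sig, body))
    print("replayed 6 min later:", verify_webhook(secret, str(ts), sig, body, now=ts + 360))
    print("body tampered:", verify_webhook(secret, str(ts), sig, body + b" ", now=ts))
    print("timestamp rewritten:", verify_webhook(secret, str(ts + 1), sig, body, now=ts))
```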
Subprocessors
Who touches data on our behalf.
Subprocessor                Purpose                                        Region
AWS                         Primary cloud infrastructure (US regions)      us-east-1 / us-west-2
Cloudflare                  Edge proxy, DDoS, DNS                          Global edge
Paddle                      Merchant of record · billing                   EU + US
Twilio                      SMS HITL delivery (optional, per-tenant)       US
Slack API                   Slack HITL delivery (optional, per-tenant)     US
Anthropic / OpenAI / Groq   LLM inference (tenant keys, never persisted)   Per provider
Customers may pin to a subset via Enterprise tier. Region-pinning available with the GDPR data-residency module (planned · Enterprise).
Vulnerability disclosure
Found something? Tell us.
Email via the contact form with reproducer details. We acknowledge within two business days and aim to triage within one week. Coordinated disclosure is welcome; we will agree on a public write-up date together.
A formal bug-bounty program (HackerOne, scoped) is on the roadmap concurrent with the SOC 2 Type II cutover. Until then, researcher acknowledgement is by name on this page on request.
Procurement questionnaire?
We fill in security questionnaires directly. No NDA gate, no sales detour. Email your spec and we will return a completed copy.