One URL for your InfoSec, legal & procurement teams
SOC 2 Type II, ISO 27001, HIPAA, GDPR, sub-processors, pen-test summary, MSA / DPA / BAA — every document your security and legal teams will ask for, in one place. Forward this URL to them.
Audited, certified, and continuously assessed
SOC 2 Type II
Annual independent audit covering Security, Availability, Confidentiality.
ISO 27001
Information Security Management System (ISMS) aligned to ISO/IEC 27001:2022.
HIPAA
Business Associate Agreement available for healthcare workloads.
GDPR
EU DPA, Standard Contractual Clauses (SCCs), and named sub-processors list.
CCPA / CPRA
California consumer privacy rights honoured for in-scope engagements.
AWS Partner
Advanced Tier Services Partner — well-architected, security competency.
Six controls that turn compliance into operational reality
Security operations
Defence-in-depth architecture and 24/7 monitoring on every enterprise environment.
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Centralised key management with hardware-backed roots
- 24/7 SOC monitoring + SIEM with audit-log streaming to your stack
- Quarterly third-party penetration tests; executive summary on request
Privacy & data protection
Data residency and sub-processor transparency before a single record moves.
- Data residency options: EU, US, and India regions
- Named sub-processors list maintained and version-controlled
- GDPR Art. 28 DPA; EU SCCs included; right-to-be-forgotten workflows
- Customer data segregation and tenant isolation controls
Identity & access
We meet your identity stack — not the other way around.
- SAML 2.0 and OIDC SSO with your IdP (Okta, Entra ID, Ping)
- SCIM 2.0 user provisioning + de-provisioning
- Role-based access control with quarterly access reviews
- IP allow-listing and MFA enforcement on every environment
Incident response
Documented runbooks and contractual SLAs you can hold us to.
- 24/7/365 P1 acknowledgement under 15 minutes
- Customer notification within 72 hours of confirmed breach
- Post-incident review with root-cause analysis and remediation plan
- Tabletop exercises and runbook drills run quarterly
Business continuity
Survivable architecture with tested disaster recovery.
- 99.95% uptime SLA on enterprise programs (contractual remedies)
- Multi-AZ active-active by default; multi-region on request
- Backups: encrypted, 30-day retention, restore tests every quarter
- RTO ≤ 4h, RPO ≤ 15min on tier-1 workloads
Vendor & supply-chain risk
We treat our vendors the way we expect to be treated.
- Sub-processor due diligence: SOC 2 / ISO 27001 evidence collected
- Sub-processor change notifications with 30-day right-to-object window
- Software supply-chain: SBOMs, dependency scanning, signed artifacts
- Open-source license compliance review on every release
The forms, reports, and contracts your team will ask for
Most documents are available the same day on a signed mutual NDA. Standard templates are public; signed reports require an NDA on file before distribution.
Sub-processors
Named list of every third party that processes customer data on our behalf — function, scope, and country of processing. Updated whenever the list changes; 30-day notice on additions.
Data residency
Choose where your data lives: EU (Frankfurt / Dublin), US (Virginia / Oregon), or India (Mumbai). Cross-region replication only with explicit consent.
Responsible disclosure
Found a vulnerability? Email us with reproduction steps — we acknowledge within 24 hours, triage within 72, and recognise your contribution publicly when remediated.
Need something not listed here?
Most enterprise security teams complete review using the package above. If your team has a specific framework (FedRAMP, PCI-DSS, NIST CSF, FFIEC, MAS-TRM), reach out — we'll meet you where you are.