← Back to Oracron
Governance hub

One link to everything that proves we're trustworthy

Procurement, security, and risk teams ask for the same four artefacts. They each live as their own document — this page is just a single, link-able entry point.

Data Processing Agreement →

Customer-facing DPA. Sub-processors, retention, breach notification, transfer mechanism.

Privacy policy →

What we collect, why, how long we keep it, and how it's protected. GDPR-aligned.

Security overview →

Encryption, RLS tenancy, authentication, key management, audit logging. Architecture summary.

security.txt →

Coordinated-disclosure contact + canonical URL per RFC 9116. For independent researchers.

Data governance details →

EU/US residency, no-training terms, ai_audit_log, model retention windows.

AI oversight (Article 14) brief →

Printable one-pager for procurement reviewers. Human-in-the-loop architecture mapped to EU AI Act Art. 14.

Don't see what you need? Email hello@oracron.app or reach the team via /contact.