Governance hub
One link to everything that proves we're trustworthy
Procurement, security, and risk teams ask for the same four artefacts. They each live as their own document — this page is just a single, link-able entry point.
Data Processing Agreement →
Customer-facing DPA. Sub-processors, retention, breach notification, transfer mechanism.
Privacy policy →
What we collect, why, how long we keep it, and how it's protected. GDPR-aligned.
Security overview →
Encryption, RLS tenancy, authentication, key management, audit logging. Architecture summary.
security.txt →
Coordinated-disclosure contact + canonical URL per RFC 9116. For independent researchers.
Data governance details →
EU/US residency, no-training terms, ai_audit_log, model retention windows.
AI oversight (Article 14) brief →
Printable one-pager for procurement reviewers. Human-in-the-loop architecture mapped to EU AI Act Art. 14.