Trust
Calibrated paranoia, documented.
Stadiums, hotel groups, and government-adjacent buyers treat compliance as a hard gate. We treat it as a feature.
Certifications
Achieved
SOC 2 Type II
Achieved
ISO 27001:2022
Compliant
GDPR (Art. 28)
Aligned
CJIS Security Policy
In Process
FedRAMP Moderate
Completed
HECVAT (v3.04)
Data handling
- · AES-256 at rest. TLS 1.3 in transit. Customer-managed keys on Enterprise.
- · Data residency: US, EU, or customer-selected at provisioning.
- · Hourly incremental + daily full backup, 35-day retention. Quarterly DR test.
- · Customers retain ownership of all customer data; 30-day deletion on termination.
- · We do NOT use customer data to train models that benefit others (opt-in Grid Intelligence consortium excepted).
Surveillance & ethics policy
- · Threat Intel monitors public open sources only.
- · Face recognition is OFF by default; enabling requires customer-side justification + legal sign-off.
- · We will not knowingly support targeting of individuals on protected-speech grounds.
- · Annual Trust Report includes count + type of government data requests received.