Our own software supply chain, made auditable.
Certifications, data-handling commitments, security practices, sub-processors, and how to report a vulnerability — all on one page.
SOC 2 Type II examination in progress — report available to qualified parties under NDA.
Posture and attestations.
SOC 2 Type II (audit in progress)
Continuous controls monitoring with an annual Type II report cadence covering security, availability, and confidentiality.
ISO/IEC 27001:2022
Information security management system mapped to ISO/IEC 27001:2022 controls; full statement of applicability available to enterprise customers under NDA.
FedRAMP HIGH-ready
Reference architecture designed against FedRAMP HIGH controls — boundary, encryption, audit logging, key management, and personnel screening posture.
STQC-readiness
Sovereign deployments are scoped against STQC readiness criteria for regulated public-sector use including air-gap, audit, and key-management controls.
What we do with your data.
No customer code in training
Customer code never enters any training pipeline at any tier. The exclusion is contractual, auditable, and attested per tenant. Our models learn from public security literature, not your repositories.
Per-tenant inference isolation
Prompts, KV caches, and intermediate reasoning traces are scoped to the tenant that initiated them. No cross-tenant prompt reuse, no shared scratch memory, no cache bleed.
Customer-controlled keys
Sovereign and Enterprise deployments support customer-controlled key material for envelope encryption, signing, and attestation. We hold envelopes; you hold the master.
How we run the platform.
Operational commitments
- Signed release artefacts (sigstore / cosign) with verifiable provenance.
- SBOM published publicly for every Safeguard release — eat-your-own-cooking transparency.
- Quarterly third-party penetration tests; executive summaries available to enterprise customers under NDA.
- Coordinated-disclosure bug-bounty programme with safe-harbour language for good-faith research.
- 24-hour customer notification commitment for material breaches affecting customer data.
- Encryption at rest via AES-256, TLS 1.3 in transit, mTLS between internal services.
- Hardware-backed signing keys for production release attestations.
- Quarterly access reviews and just-in-time elevation for production privileges.
The categories we rely on.
Material sub-processor categories listed below. The full live list — including named vendors, regions, and processing purpose — is provided to enterprise customers under NDA and updated on every material change.
| Category | Processing purpose |
|---|---|
| Cloud compute | Hosting of the managed control plane and reasoning inference (multi-region, customer-region pinned). |
| Object storage | SBOM artefact storage and audit-log archival (tenant-scoped buckets, customer-region pinned). |
| Observability | Application performance monitoring and security telemetry aggregation for the control plane. |
| Transactional email / comms | Account notifications, disclosure correspondence, and product transactional email. |
| Payments | Billing and invoicing for non-sovereign tiers. |
| Customer support | Ticketing, customer-success workflows, and support knowledge base. |
How to report a vulnerability.
Coordinated disclosure
We operate a coordinated-disclosure programme with safe-harbour language for good-faith research. Acknowledgement on inbound reports is within two business days; remediation timelines are tracked publicly per advisory once a fix is available.
Please include reproduction steps, affected component, and any logs. We will acknowledge within two business days and credit reporters on remediated advisories if you wish.
Need a longer security questionnaire?
Enterprise customers get full control documentation, sub-processor lists, pen-test summaries, and SOC 2 reports under NDA. Talk to us.