Pre-signed Data Processing Agreement.
Our standard DPA covers SCCs, sub-processor terms, and security commitments. Pre-signed copy available before procurement asks.
Request DPA → SECURITY · TRUST
Audit-ready posture, audit-ready company.
Customers place their compliance program in our hands. We hold ourselves to a higher bar — and we run our own program on this same product.
Six controls. All passing. Last refreshed minutes ago.
A snapshot of our own SOC 2 Type II posture, built on compl.ai. Hourly automated tests run continuously.
CC6.1 Logical access
passing CC6.2 Access provisioning
passing CC6.3 Access removal
passing CC7.1 Threat detection
passing CC7.2 Anomaly response
passing CC8.1 Change management
passing This page reads from our public Trust Center, which runs on the same primitives our customers use.
What we hold, where it lives, who sees it.
Hosting
AWS multi-AZ, US-East and EU-West regions. Customer data never leaves the region you select. Tenant isolation enforced at storage.
Encryption
AES-256 at rest. TLS 1.3 in transit. Customer-managed keys (CMK) available on Enterprise.
Access
SSO + SCIM, role-based access, mandatory MFA for all internal staff. Production access is just-in-time, fully logged.
Audit log
Every agent action is immutable, source-cited, and queryable. Reversible for 30 days from the activity feed.
Incident response
24/7 on-call. P0 page within 15 minutes. Post-mortems published in the Trust Center within five business days.
Data deletion
Customer data purged within 30 days of contract termination. Audit-trail metadata retained per regulatory minimums.
Every vendor that touches your data.
The full list, kept current. Subscribe via the Trust Center to be notified when this list changes.
Vendor Purpose Region
AWS Primary cloud hosting US / EU
Cloudflare Edge, WAF, DDoS Global
Anthropic Agent inference US
Resend Transactional email US
PostHog Product analytics (anon) US
Linear Internal incident tracking US
Found something? We pay for proof.
Coordinated disclosure to security@compl.ai. Bug bounty live for verified researchers. Hall of fame in the Trust Center.