Security & Trust
Verifiable operations. Controlled disclosure.
What we can prove today, we publish today. What we're mid-certification on, we say so plainly. Full diligence artefacts — pen-test summary, SBOM, entity-scope statement, DPA and MSA previews — arrive on request under NDA.
Last reviewed · July 2026
Certification status
Held, underway, planned — nothing implied.
The table below is the whole story. Precise entity-scope statements sit in the NDA-gated diligence pack.
| Claim | Status | Evidence available |
|---|---|---|
| ISO 27001-certified operations | Held | Under NDA |
| SOC 2 Type II: engagement underway | Underway | Under NDA |
| Independent penetration test: planned Q3 2026 | Planned | Arrives with the report |
| GDPR- and PDPL-aligned by design | Held | Under NDA — policy pack + DPIA templates |
Security architecture
Appliance-central by design.
Sensitive workloads run on a hardware appliance inside your perimeter — models, retrieval corpus, and audit ledger all local to the site.
A virtual-key gateway sits between every model call and the model itself: OPA policy authorises the request, an ingress guardrail screens for prompt injection, and every outcome is written to a Merkle-signed audit chain before the response leaves the gateway.
The central plane manages fleet enrolment, per-tenant configuration, and offline-verifiable audit roots — it never sees prompt or response bodies.
Per-country data residency is enforced at the appliance and re-checked at the gateway; a request whose residency label does not match the tenant's configured region is denied at policy time.
The audit chain is public-verifiable: daily Merkle roots are signed with a rotated staff key whose public part is published under /v1/audit/keys, so any party holding an export can reconstruct the tree and check the signature offline.
Sub-processors
The list is short, and it stays that way.
Prompt and response content never reach these third parties from the appliance path. Central-plane sub-processors handle DNS, edge protection, transactional mail, compute, and — only when the gateway routes to a hosted frontier model — the model provider itself.
| Provider | Purpose | Region |
|---|---|---|
| Cloudflare | DNS and edge DDoS protection for public marketing surfaces | Global |
| Transactional SMTP provider | Outbound transactional email (contact intake, briefing confirmations) | EU |
| Anthropic API | Fallback model routing — invoked only when a tenant's routing policy explicitly permits it | EU or US (per routing decision) |
| Hetzner (bare-metal) | Central-plane compute — control plane, aggregator, portals | EU (Frankfurt) |
Data residency
Sensitive work never leaves your country.
Prompts, retrieval corpora, and generated responses stay on the appliance in the country where it is installed. The gateway's residency policy is the enforcement point: a routing decision that would move a request across a residency boundary is denied at policy time, not logged after the fact.
The central plane's own data flows are narrow by design: enrolment metadata, signed audit roots (not events), configuration, and billing counters. No prompt or response content transits the central plane. Central-plane records are held in the EU (Frankfurt) unless a sovereign region overlay is contracted.
Audit-chain proof
A live, signed root — refreshed hourly.
Every appliance event flows into a Merkle chain. Once a day, the root of the day's tree is signed with a rotated staff key and published. Below is the most recent published root — fetched from the audit-aggregator when this page rendered. Copy the root and its signature, download the day's chain export, and verify offline with the audit-verify CLI.
Verify it yourself
The signature covers (source, region, day, events_count, root_hash). Public signing keys are listed at /v1/audit/keys. Chain exports are tenant-scoped and require a diligence-pack NDA.
Download the audit-verify CLIQ3 2026
Live root temporarily unavailable.
The proof service is reachable directly at the endpoint below. This widget will refresh on the next hourly revalidation.
- Proof endpoint
- https://ops.operayde.com/v1/audit/roots?limit=1
NDA-gated diligence
Everything else, on request under NDA.
Legal and security teams typically ask for the same seven artefacts. We package them as a diligence pack, released after a mutual NDA and a scoping call. Corporate procurement expects a human on the other end — that's what this is.