Security & Compliance Roadmap

Public commitments on certifications, audits, and trust-center milestones. Honesty with timelines beats silence — if an item slips we update this page.

Last updated: 2026-04-16

ISO/IEC 27001:2022 certification

In progress — Q4 2026

Gap assessment completed. Policies, risk register, and Annex A controls are being rolled into the management system. External audit scheduled with an accredited body.

SOC 2 Type I

Planned — Q1 2027

Covers the SaaS platform and license server. Type II follow-on planned six months after Type I attestation.

Third-party penetration test

Scheduled — Q3 2026

Grey-box engagement on the SaaS platform, portal, and API. Summary report will be made available under NDA to enterprise prospects.

YesWeHack / Intigriti disclosure program

Evaluating — Q3 2026

EU-based coordinated disclosure platform. Until launch, researchers can reach us directly via the Responsible Disclosure policy.

Public status history page

Live — Available now

90-day uptime history with per-service bars and incident log. See the status page.

DPIA summary (public)

Planned — Q3 2026

A public summary of our Data Protection Impact Assessment will be published on the compliance page. The full DPIA remains available under NDA.

Signed SBOM pipeline

In progress — Q3 2026

Automatic CycloneDX + SPDX generation on every release, with detached signatures and a public archive of the last five versions.

Want the details?

Enterprise prospects can request the latest pen-test summary, DPIA, or gap-assessment report under NDA. Email [email protected].