Trust Center

Everything a security buyer needs, in one place

Live service health, our compliance posture and control mappings, where your data lives, and the agreements to close a deal. A security product should prove its claims, so here is the evidence.

Some checks are degraded

Enterprise carries a 99.9% monthly uptime SLA with service credits. The status page has live per-component health and 90 days of history.

Live status

SOC 2 and ISO 27001 control map

Each evidence-bundle artifact, mapped to the SOC 2 Trust Services Criteria and ISO/IEC 27001:2022 Annex A controls it helps evidence.

ArtifactWhat it showsSOC 2ISO 27001
maturity/scorecard.*Zero-Trust posture across identity, policy, response, auditCC1.x, CC4.x5.1, 5.36
integrity/signed-tree-head.json, checkpoints.jsonTamper-evident, append-only audit log sealed into a signed Merkle ledgerCC7.2, CC7.38.15, 8.16
integrity/jwks.jsonPublic keys to verify the ledger signatures without trusting AxioRankCC7.18.15
governance/config.jsonThe enforced policy, detector, and response configuration as codeCC6.1, CC6.38.2, 8.3, 8.4
access/access-review.jsonMembers, roles, MFA and SSO enforcement (access review)CC6.1, CC6.2, CC6.35.15, 5.16, 5.18, 8.5
retention/retention-and-siem.jsonData-retention policy and SIEM streaming destinationsCC7.2, C1.x8.15, 5.33
activity/decision-summary.jsonGoverned-call decisions over the period (allow / deny / hold)CC7.28.16

Our SOC 2 Type II engagement is in progress; the report will be available under NDA. Mappings speed the audit review; they are not a certification.

Provable security posture

Every governed decision seals into a tamper-evident Merkle ledger you can verify offline. SAML SSO, enforced MFA, role-based access, and scoped keys are built in.

Data and subprocessors

AxioRank runs on SOC 2 Type II attested providers (Vercel, Supabase), encrypted in transit and at rest, with deny-by-default row-level isolation per workspace. Customer data is stored in the United States.

Agreements and legal

Our DPA covers GDPR Article 28, UK GDPR, and Swiss FADP, with Standard Contractual Clauses for international transfers, plus a documented SLA.

Need a questionnaire completed or a report under NDA?

Security reviews, vendor questionnaires, the SOC 2 report, and penetration-test summaries are available to customers and prospects on request. Email agents@axiorank.com.