PrimeAssist
// compliance trajectory

We are pre-GA. Our compliance posture is on a trajectory to SOC 2 Type I.

The platform ships the controls that a SOC 2 audit would test for — audit log, retention, encryption, RLS, governed access. The audit engagement itself is queued post-GA. This page is the honest version of where we stand.

// controls status

Two states, no spin.

Shipping means the implementation is live and exercised by tests. Pending means the engineering is done or in flight but the external attestation is not yet closed.

  • Audit log

    Shipping

    Append-only, per-tenant. The tenant-scoped DB role has no DELETE permission on the audit table. Compliance reviewers can export a date-range archive with an Ed25519-signed manifest, so an exported copy can be checked for tampering after it leaves the platform.

  • Retention policy

    Shipping

    Tenants set retention windows for conversations, audit logs, and usage events. A daily purge cron hard-deletes rows past the window and records the purge in the audit log. The purge runs outside the tenant-scoped role, which has no DELETE permission on the audit log.

  • Encryption at rest

    Shipping

    Data at rest is encrypted with AES-GCM under per-org data keys derived from a master key held in a secret store. Tenant offboarding cryptographically shreds the org's key, leaving its ciphertext unrecoverable.

  • Row-Level Security

    Shipping

    Every tenant table is RLS-guarded. Every Postgres connection runs as a tenant-scoped role, not as the table owner or a superuser, which RLS would otherwise bypass.

  • Operator access governance

    Shipping

    Impersonation requires a documented reason, expires after one hour, lands in the tenant audit log, and can be terminated by the tenant from its dashboard.

  • SOC 2 Type I audit

    Pending

    Gap analysis complete. Control mapping in flight. Type I attestation engagement queued post-GA.

  • SOC 2 Type II observation

    Pending

    Follows Type I. A six-month observation window is planned to begin roughly six months after the Type I report closes.

  • ISO 27001

    Pending

    On the post-SOC-2 roadmap. Not actively in audit today.

  • HIPAA-aware deployment posture

    Pending

    PrimeAssist does not offer a HIPAA-compliant deployment or sign a BAA today. The healthcare-admin posture (PHI redaction in retrieval and logs, plan-document fidelity, appeal-rights citation) is the engineering work that makes a future BAA tractable.
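The encryption-at-rest item above names three moving parts: per-org data keys derived from a master key, AES-GCM, and cryptographic shredding at offboarding. The sketch below is an added example of how those parts fit together, written for this page; it is not PrimeAssist's code and the design it assumes is hypothetical. The assumption worth stating is the one shredding depends on: a key derived only from the master key and a public org identifier can always be re-derived, so the example gives each org a random, deletable seed and derives the data key from master key plus seed. Shredding destroys the seed; the master key alone cannot recover the data. The org id is also bound as AES-GCM associated data so a ciphertext copied into another tenant's row fails to decrypt. Names (`TenantKeyring`, `KeyShredded`, `demo`) and the `org_a`/`org_b` sample data are constructed for the example.

```python
"""Per-org data keys, AES-GCM, and cryptographic shredding.

Hypothetical design (example code, not PrimeAssist's):
  - The secret store holds one master key.
  - Each org has a random 32-byte seed stored in a key table. The org's data
    key is HKDF(master, salt=seed, info=org_id). Shredding works only because
    the seed is random and deletable; a key derived from the master key and
    a public org_id alone could always be re-derived.
  - Ciphertexts bind org_id as AES-GCM associated data, so a blob replayed
    under another tenant fails authentication.
"""
import os
import secrets
from dataclasses import dataclass, field

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

NONCE_LEN = 12  # 96-bit nonce, the recommended size for AES-GCM


class KeyShredded(Exception):
    """Raised when an org's key material has been destroyed."""


@dataclass
class TenantKeyring:
    master_key: bytes  # assumed to come from the secret store; 32 bytes
    seeds: dict = field(default_factory=dict)  # org_id -> random per-org seed

    def provision(self, org_id: str) -> None:
        self.seeds[org_id] = secrets.token_bytes(32)

    def data_key(self, org_id: str) -> bytes:
        seed = self.seeds.get(org_id)
        if seed is None:
            raise KeyShredded(org_id)
        return HKDF(
            algorithm=hashes.SHA256(),
            length=32,  # AES-256 key
            salt=seed,
            info=org_id.encode(),
        ).derive(self.master_key)

    def shred(self, org_id: str) -> None:
        # Offboarding: destroy the seed. The master key alone cannot re-derive.
        self.seeds.pop(org_id, None)

    def encrypt(self, org_id: str, plaintext: bytes) -> bytes:
        nonce = os.urandom(NONCE_LEN)
        ct = AESGCM(self.data_key(org_id)).encrypt(nonce, plaintext, org_id.encode())
        return nonce + ct

    def decrypt(self, org_id: str, blob: bytes) -> bytes:
        nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
        return AESGCM(self.data_key(org_id)).decrypt(nonce, ct, org_id.encode())


def demo() -> dict:
    """Walk through round-trip, cross-tenant replay, and shredding."""
    ring = TenantKeyring(master_key=secrets.token_bytes(32))
    ring.provision("org_a")
    ring.provision("org_b")
    blob = ring.encrypt("org_a", b"claim #1234: approved")  # constructed sample
    results = {"roundtrip": ring.decrypt("org_a", blob) == b"claim #1234: approved"}

    # Same ciphertext presented as org_b: different key and different AAD.
    try:
        ring.decrypt("org_b", blob)
        results["cross_tenant_rejected"] = False
    except InvalidTag:
        results["cross_tenant_rejected"] = True

    # Shred org_a; the master key is untouched but the data is unrecoverable.
    ring.shred("org_a")
    try:
        ring.decrypt("org_a", blob)
        results["shredded"] = False
    except KeyShredded:
        results["shredded"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The check a reviewer would run against any "crypto-shredding" claim is the last step of `demo()`: after offboarding, decryption must fail with the master key still present. If it succeeds, the per-org key was re-derivable and nothing was shredded.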

// sub-processors

Every vendor that processes tenant data is disclosed.

We publish the sub-processor list as plain HTML on a dedicated page and, separately, as machine-readable JSON for procurement teams that track third-party risk programmatically. We update the list when a new vendor is added and notify subscribed customers of changes.

// data processing addendum

Our DPA is available on request.

We do not publish a click-through DPA today. Procurement teams that need a redlined copy can email us and we will return a draft within two business days. The DPA references the same sub-processor list, controls posture, and incident-response policy that this trust center publishes.