Trust center
Security & Compliance
Active attestations, subprocessor register, and the disclosure path for reporting issues. Auditor-ready docs live here, not in a sales deck.
01 · Attestations
Active attestations
| Framework | Scope | Attested on | Next surveillance |
|---|---|---|---|
| SOC 2 Type II | Security + availability + confidentiality, full-stack IT operating environment. | TBD | TBD |
| ISO 27001 | ISMS across engineering + managed operations; surveillance cadence annual. | TBD | TBD |
| GDPR | Controller + processor roles mapped; DPA template available on request. | Ongoing | — |
| HIPAA + BAA | Signed BAA for healthcare engagements; subprocessor register updated quarterly. | Ongoing | — |
02 · Subprocessors
Subprocessors
- Amazon Web Services (eu-central-1)Customer cloud workloads (deployed per-client tenant)
- Microsoft Azure (west-europe)Customer cloud workloads (deployed per-client tenant)
- PagerDutyIncident paging for managed ops
- DatadogObservability plane (per-client workspaces)
03 · DPA template
DPA template
Standard data-processing addendum template, aligned to GDPR. Swap company names, sign, return.
Download DPA template (PDF) →04 · Disclosure
Responsible disclosure
Responsible disclosure
Found a vulnerability? Send PGP-signed reports to security@helptype.md. We respond within one business day, triage in three. Our disclosure policy is published at /responsible-disclosure.
security@helptype.md05 · Credit
Hall of fame
No disclosures have been published yet — the first reporter's credit will land here.