TRUST CENTER
Current status. Not aspirational.
Certifications in progress, in place, and on the roadmap — with honest dates. Responsible disclosure scope and DPA template available on request.
Status
| Item | Status | Note |
|---|---|---|
| SOC 2 Type I | In progress | Independent auditor engaged. Expected Q3 2026. |
| SOC 2 Type II | Planned | Begins 90 days after Type I report is issued. |
| ISO 27001 | Evaluating | Scoping with customers who need the control mapping. |
| Pen test | Quarterly | External firm, report available under NDA. |
| Responsible disclosure | Public | Scope, contact, and rewards below. |
Responsible disclosure
Email info@verosek.com. PGP fingerprint is listed on the /trust page of docs.verosek.com.
In scope: the gateway, the Shield ML service, the admin console, and the official Python SDK. Out of scope: third-party connectors operating under their own policies.
We acknowledge within one business day, triage within five, and remediate or mitigate validated high-severity issues within thirty days.
Privacy and DPA
Self-hosted Verosek deployments never transmit your data to us. The managed PaaS (waitlist) carries a DPA template derived from EDPB and CNIL guidance. Request a copy from info@verosek.com.
Privacy policy and DPA template are available on request under NDA.