Trust

Security & Compliance

Institutional-grade security architecture. Every control is documented, tested, and auditable.


Governance

Governance Center

Governance Center: 510 audit entries total, 7 in the last 24 hours, 57 in the last 7 days. Five cards link to Audit log, Compliance policy, Audit Export (HMAC-signed), Compliance dashboard, and Trust and Security mirror.

Compliance

Compliance Posture

Compliance Posture surface. Four cards: SOC 2 Type II (in progress, attestation underway), Data residency (live, EU plus US clusters with cross-region replication off by default), GDPR (live, subject access plus deletion via gdpr-star permission), Subprocessor list (NDA-gated).

Isolated Tenant Data

Complete

Every client's data is logically isolated by tenant. Postgres row-level security policies enforce tenant scope on every query — cross-tenant reads are not possible from tenant-facing code. Your telemetry is yours alone, auditable and exportable on demand.

Audit Logging

Complete

Every decision, allocation, and outcome is timestamped and exportable. Investor-ready reporting from day one. Retention: 7 years with immutable storage.

SOC 2 Type II

In Progress

Type II audit in progress. Target: Q3 2026. Current posture: controls documented, evidence collection active, third-party auditor engaged.

GDPR Compliance

Complete

Data processing addendum available. Right to deletion, right to portability, and data residency options implemented. EU data stays in EU regions.

Responsible Disclosure

Annual

security@standard.online. PGP key available on request. 48-hour guaranteed response for critical vulnerabilities. Bounty program: active.

Data Processing

Under NDA

All subprocessors have signed GDPR Art. 28 data processing agreements. The current disclosure — vendors, purpose, data class, processing region — is provided under mutual NDA as part of the DPA. Email security@standard.online with your firm's name to receive it within 24 hours.

Audit

Hash-Chained Audit Log

Audit Log: 200 hash-chained entries with a Verify hash chain action. Table columns: Time, Kind, Subject, Operator, Policy, Hash. Kinds include alert.fired, trial.advanced, descriptor.updated, brain.proposal.approved, and audit.export.approved; every event is stamped policy v1.0.0.
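How the Verify hash chain action and the HMAC-signed Audit Export can be checked, as an added TypeScript example written for this page (not Standard's code; the field names, the genesis sentinel and the serialisation are assumptions):

```typescript
import { createHash, createHmac, timingSafeEqual } from "node:crypto";

// One row of the Audit Log table (Time, Kind, Subject, Operator, Policy, Hash); field names assumed.
export interface AuditEntry {
  time: string;      // ISO-8601 timestamp
  kind: string;      // e.g. "alert.fired", "trial.advanced"
  subject: string; operator: string;
  policy: string;    // e.g. "v1.0.0"
  hash: string;      // hex SHA-256 over the previous hash plus this entry's fields
}

// Assumed sentinel standing in for "the hash before the first entry".
const GENESIS = "0".repeat(64);

// Canonical serialisation (JSON array, fixed field order) so every verifier hashes the same bytes.
function entryDigest(prevHash: string, e: Omit<AuditEntry, "hash">): string {
  const material = JSON.stringify([prevHash, e.time, e.kind, e.subject, e.operator, e.policy]);
  return createHash("sha256").update(material, "utf8").digest("hex");
}

// Append an entry, chaining it to the hash of the current last entry.
export function appendEntry(log: AuditEntry[], fields: Omit<AuditEntry, "hash">): AuditEntry[] {
  const prev = log.length ? log[log.length - 1].hash : GENESIS;
  return [...log, { ...fields, hash: entryDigest(prev, fields) }];
}

// "Verify hash chain": recompute every hash from GENESIS and return the index of the
// first entry that does not match (-1 = intact). Editing, reordering or deleting an
// entry breaks the link at that position, so the damage is localised, not hidden.
export function verifyChain(log: AuditEntry[]): number {
  let prev = GENESIS;
  for (let i = 0; i < log.length; i++) {
    const { hash, ...fields } = log[i];
    if (entryDigest(prev, fields) !== hash) return i;
    prev = hash;
  }
  return -1;
}

// HMAC-signed export: a recipient holding the same key can confirm the exported
// file was not altered after it left the system; the MAC is compared in constant time.
export function signExport(log: AuditEntry[], key: Buffer): { body: string; mac: string } {
  const body = JSON.stringify(log);
  return { body, mac: createHmac("sha256", key).update(body).digest("hex") };
}

export function verifyExport(body: string, mac: string, key: Buffer): boolean {
  const expected = createHmac("sha256", key).update(body).digest();
  const given = Buffer.from(mac, "hex");
  return expected.length === given.length && timingSafeEqual(expected, given);
}
```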

Defense in Depth

Layered controls — every request crosses each one

Standard does not lean on a single security primitive. A request reaching tenant data crosses seven independent controls; a failure in any one layer is contained by the next.

  1. L0 · Edge — TLS 1.3 + HSTS preload

     All traffic terminates over TLS 1.3 at Vercel's edge. HSTS is set with a 2-year max-age, includeSubDomains, and preload — the domain is eligible for browser preload lists, so even a first visit from a fresh browser is forced to HTTPS and a protocol-downgrade (SSL-stripping) attack has no window to act in.

  2. L1 · Browser — strict CSP, COOP, frame-ancestors 'none'

     Content-Security-Policy restricts script, style, frame, and connect sources to an explicit allowlist. frame-ancestors 'none' blocks every iframe embedding (no clickjacking). Cross-Origin-Opener-Policy isolates browsing contexts. Permissions-Policy disables camera, microphone, geolocation, payment, USB, and FLoC.

  3. L2 · Auth — Clerk + MFA (TOTP / WebAuthn)

     Every protected route runs Clerk's middleware before any application code. MFA is required on accounts with elevated scope; a passkey (WebAuthn) is the preferred second factor.

  4. L3 · App — RBAC (11 roles × 128 permissions)

     Authorization is enforced at the tRPC procedure boundary by a requirePermission middleware. Roles map to permission codes, and every protected procedure declares which permission it needs — there is no implicit access.

  5. L4 · API — per-IP rate limiting on public endpoints

     Unauthenticated POST endpoints (system inquiry, draft persistence, web-vitals beacons) are rate limited per IP, with the limit reported in response headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset). Authenticated tRPC sits behind Clerk's per-account quotas.

  6. L5 · Database — Postgres row-level security

     Every tenant-bearing table has ENABLE ROW LEVEL SECURITY with policies that filter by terminal.current_tenant_id(). Tenant-facing code cannot read across tenants. Administrative access goes through an explicit, audit-logged withStaffScope() helper that bypasses RLS only after recording the call.

  7. L6 · Network — managed TLS to Postgres + audit-logged egress

     Database connections are TLS-only via Neon's managed Postgres. IP allowlist and VPC peering are available for Sovereign-tier deployments. Outbound integration calls are mediated by a token-bucket connector that logs every call to the audit log; no integration runs unmetered.

Every layer is tested independently. Penetration testing, log integrity (hash-chained audit log), and incident response procedures are described in the Privacy Policy and Trust documentation.
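The requirePermission pattern from layer L3, as an added example written for this page (not Standard's code and not the tRPC package): roles map to explicit permission codes, every procedure declares its code, unknown roles hold nothing, and the three role names follow the Technical section; the gdpr.* wildcard reading of the "gdpr-star" permission is an assumption.

```typescript
// Permission codes are plain strings such as "audit.read". A trailing ".*" is an
// assumed wildcard form (the page's "gdpr-star" permission is read that way here).
export const ROLE_PERMISSIONS: Record<string, readonly string[]> = {
  admin: ["audit.read", "audit.export", "descriptor.update", "gdpr.*"],
  operator: ["audit.read", "descriptor.update"],
  viewer: ["audit.read"],
};

// Does the role's explicit grant list cover this code? Unknown roles hold nothing (default deny).
export function roleHasPermission(role: string, code: string): boolean {
  const granted = ROLE_PERMISSIONS[role] ?? [];
  return granted.some((g) => g === code || (g.endsWith(".*") && code.startsWith(g.slice(0, -1))));
}

// Request context as the guard sees it after authentication (shape assumed).
export interface Ctx { userId: string; role: string; }

export class ForbiddenError extends Error {
  code: string;
  constructor(code: string) {
    super(`FORBIDDEN: caller lacks permission ${code}`);
    this.code = code;
  }
}

// requirePermission(code) wraps a procedure so it runs only when the caller's role
// grants that code. A procedure without a declared code cannot be registered at all,
// which is what "no implicit access" means in practice.
export function requirePermission<I, O>(code: string, proc: (ctx: Ctx, input: I) => O) {
  if (!code) throw new Error("procedure must declare a permission code");
  return (ctx: Ctx, input: I): O => {
    if (!roleHasPermission(ctx.role, code)) throw new ForbiddenError(code);
    return proc(ctx, input);
  };
}

// Procedures, each declaring exactly the permission it needs (hypothetical handlers).
export const readAudit = requirePermission("audit.read",
  (ctx, input: { limit: number }) => ({ rows: Math.min(input.limit, 200), requestedBy: ctx.userId }));
export const exportAudit = requirePermission("audit.export",
  (ctx, _input: undefined) => `export requested by ${ctx.userId}`);
export const eraseSubject = requirePermission("gdpr.erase",
  (ctx, input: { subject: string }) => `${input.subject} erased by ${ctx.userId}`);
```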

Technical

Encryption & Access Control

Encryption at rest: AES-256
Encryption in transit: TLS 1.3
Key management: AWS KMS / HashiCorp Vault
RBAC roles: Admin · Operator · Viewer
Session expiry: 24 hours
MFA enforcement: Required (TOTP / WebAuthn)