Security & Trust

Security you can verify, not just trust

AxioRank is built on a simple idea: a security product should be able to prove its own claims. Here is how we protect your data, and the evidence we hand you to check it yourself.

Provable audit trail

Every governed decision lands in a tamper-evident, Merkle-sealed log. You can verify any receipt offline with an open-source library, without trusting us or even reaching our servers.

Compliance evidence on demand

Export an offline-verifiable evidence bundle for SOC 2 and ISO audits straight from the dashboard: sealed audit checkpoints, configuration history, and retention proofs in one archive.

Workspace security controls

SAML single sign-on, enforced MFA, four-level role-based access, scoped API keys with rotation and expiry, configurable data retention, and IP masking are all built in.

Privacy and data rights

Self-service data export and deletion, jurisdiction-aware response deadlines, and a documented retention schedule. We support GDPR, CCPA/CPRA, and the broader set of US state privacy laws.

Data processing terms

Our Data Processing Agreement covers GDPR Article 28, UK GDPR, and Swiss FADP obligations, with Standard Contractual Clauses for international transfers.

Availability and support

Enterprise subscriptions carry a 99.9% monthly uptime commitment with service credits, and every plan has documented support response targets. The status page shows live component health and 90 days of uptime history.

Infrastructure

AxioRank runs on audited cloud providers (Vercel and Supabase, both SOC 2 Type II attested), with encryption in transit and at rest, isolated per-workspace data, and deny-by-default row-level security.

Data residency

Customer data is stored in the United States today, and we say so plainly rather than implying otherwise. The optional ML assessment lane can be pinned to EU compute for workspaces set to the EU region. EU teams keep further control through gateway-side redaction, configurable retention, SIEM streaming into infrastructure you run in your own region, and self-service export and erasure.

Certifications and testing

Our SOC 2 Type II engagement is in progress; the report will be available under NDA. Independent penetration testing is performed against the gateway and dashboard, with summaries available to customers on request.

Reporting a vulnerability

If you believe you have found a security issue in AxioRank, email hi@axiorank.com with the details. We acknowledge reports within two business days and keep you informed while we investigate. Please give us a reasonable window to remediate before public disclosure.