Trust

Trust center

This page collects everything customer security, legal, and procurement teams typically need to evaluate PersonaMesh. We update it on every significant change.

Documents

DocumentAudienceStatus
Security overviewEngineering, securityPublic
Data processing addendum (DPA)Legal, privacyPublic draft
Sub-processor listLegal, procurementPublic; updated on change
Responsible AI commitmentsRisk, AI policyPublic
SOC 2 Type I reportCustomer security teamsNDA — request via trust@personamesh.ai
Penetration test summaryCustomer security teamsPre-GA — not yet available
Insurance certificate (cyber + E&O)ProcurementNDA

Status

Current rolling-90-day uptime is published on the public status page (link goes live with the production rollout). Subscribe to incident updates via email or webhook from the same page.

Compliance roadmap

  • SOC 2 Type I — controls in place; auditor engagement next.
  • SOC 2 Type II — 12 months after Type I.
  • ISO 27001 — gap analysis underway.
  • HIPAA + BAA — available once BYOK with HSM lands.
  • FedRAMP Moderate — public-sector path in a separate tenancy.
  • EU AI Act — feature-by-feature risk classification in progress.

Architectural readiness

  • Hash-chained tamper-evident audit log with a public verify endpoint.
  • Per-tenant rate limiting and per-persona budget caps prevent runaway behavior.
  • Pluggable safety classifiers (regex, model-based, customer-supplied).
  • Tool sandbox with JSON-Schema arg validation, egress allowlists, per-call timeouts.
  • Pluggable KMS interface for envelope encryption (local, AWS KMS, Vault, HSM via PKCS#11).
  • Cosign-signed container images with attested CycloneDX SBOMs.

Contact

Security questions: security@personamesh.ai
Trust + procurement: trust@personamesh.ai
Privacy + DSARs: privacy@personamesh.ai