Trust
Trust center
This page collects everything customer security, legal, and procurement teams typically need to evaluate PersonaMesh. We update it on every significant change.
Documents
| Document | Audience | Status |
|---|---|---|
| Security overview | Engineering, security | Public |
| Data processing addendum (DPA) | Legal, privacy | Public draft |
| Sub-processor list | Legal, procurement | Public; updated on change |
| Responsible AI commitments | Risk, AI policy | Public |
| SOC 2 Type I report | Customer security teams | NDA — request via trust@personamesh.ai |
| Penetration test summary | Customer security teams | Pre-GA — not yet available |
| Insurance certificate (cyber + E&O) | Procurement | NDA |
Status
Current rolling-90-day uptime is published on the public status page (link goes live with the production rollout). Subscribe to incident updates via email or webhook from the same page.
Compliance roadmap
- SOC 2 Type I — controls in place; auditor engagement next.
- SOC 2 Type II — 12 months after Type I.
- ISO 27001 — gap analysis underway.
- HIPAA + BAA — available once BYOK with HSM lands.
- FedRAMP Moderate — public-sector path in a separate tenancy.
- EU AI Act — feature-by-feature risk classification in progress.
Architectural readiness
- Hash-chained tamper-evident audit log with a public verify endpoint.
- Per-tenant rate limiting and per-persona budget caps prevent runaway behavior.
- Pluggable safety classifiers (regex, model-based, customer-supplied).
- Tool sandbox with JSON-Schema arg validation, egress allowlists, per-call timeouts.
- Pluggable KMS interface for envelope encryption (local, AWS KMS, Vault, HSM via PKCS#11).
- Cosign-signed container images with attested CycloneDX SBOMs.
Contact
Security questions: security@personamesh.ai
Trust + procurement: trust@personamesh.ai
Privacy + DSARs: privacy@personamesh.ai