Docs

Trust center

Trust center

The trust center is the single entry point for security, privacy, and reliability questions from enterprise buyers evaluating GovAI. Deep dives live in docs/security/ and the pages below.

Trust center controls

What buyers should expect from GovAI documentation vs operations.

What GovAI provides

3
  • Evidence-first governanceAuditable artefacts tied to policy and run_id.
  • Deterministic OSS gatesRepository checks mirrorable in customer CI.
  • Tenant isolation storyServer-side key mapping documented for reviewers.

What GovAI does not provide

2
  • Legal certificationNo EU AI Act conformity attestation from the product alone.
  • Your SOC 2 controlsInterfaces documented; you operate controls.

What GovAI provides#

  • Evidence-first governance — auditable artefacts tied to policy and run identifiers.
  • Deterministic OSS gates — repository checks (including documentation presence and link integrity) that teams can mirror in CI.
  • Clear isolation story — tenant boundaries for ledger-backed operations are rooted in server-side key mapping (see ../security/tenant-isolation.md).

What GovAI does not provide by itself#

  • Legal advice or regulatory certification.
  • Your SOC 2 control implementation — we document interfaces; you operate controls.

Document map#

AudienceStart here
Security architecture../security/security-overview.md
Procurement / RFPcompliance-mapping.md
ISO/IEC 42001 readiness (mapped, not certified)../standards/iso-42001.md
Researchers / reportersresponsible-disclosure.md
Sales engineeringenterprise-faq.md
Cryptographic signing and verificationimmutable-trust-chain.md, evidence-signing.md, verification-workflows.md
Key lifecycle and HSM practiceskey-rotation.md, private-key-governance.md
Vendor and auditor handoffcross-organization-attestation.md, supply-chain-integrity.md
Machine-readable profiles (repo root)../../trust/README.md

Contact#

Use maintainer channels described in responsible-disclosure.md for security-sensitive messages.

← Back to home