Trust center
The questions enterprise procurement asks.
Compliance, certifications, posture, sub-processors, data residency. The trust center is a single page that links the live evidence — not promises.
Certifications
Current and in-flight.
- SOC 2 Type II — In flight. Targeting completion Q3 2026.
- ISO 27001 — In flight. Internal controls aligned; external audit scheduled.
- GDPR — Data Processing Agreement available on request. See DPA.
- CCPA — Honored. See privacy policy.
- HIPAA — BAA available on Enterprise. Audit trail meets §164.312(b).
- FedRAMP — Targeted for Government tier. Sovereign coordinator option.
Sub-processors
Where customer data flows.
The full sub-processor list with each vendor's scope is published at /legal/subprocessors. The summary:
- Fly.io — Stateless control-plane services (api, coord, relay, stun, signal).
- L1fe AI K3s platform cluster — Long-running stateful services and edge surfaces.
- Vercel — Marketing site, console, docs.
- Telnyx · Twilio · Soracom · etc. — Cellular providers (one wired per fleet by configuration).
- L1fe Sigil network — Audit chain anchoring.
- L1fe Garden — Billing pipeline.
Data residency
Pin where state lives.
Fleet state can be pinned to a region. EU-only fleets keep data in EU Silos instances and anchor only to EU-region Sigil validators. US-only fleets do the inverse. Multi-region fleets replicate audit chains across the regions you choose.
Resources
The receipts.
- Security model — what we mitigate, what we don't
- Responsible disclosure
- Legal index — privacy, terms, DPA, AUP, subprocessors, cookies
- Status page — live system health