Trust centre

Security, compliance, privacy and platform status — in one place. Built for procurement and legal review at regulated buyers.

🔐

Security & controls

Authentication, encryption, audit trail, data residency. Honest claims only.

Open →

Status & incidents

Current operational status across the platform. Past incidents and postmortems.

Open →

📄

Privacy policy

What data we collect, how we use it, how to exercise your GDPR / UK GDPR / UAE PDPL rights.

Open →

At a glance

Multi-tenant isolation

Every read enforces a tenant filter at the query layer; per-client login isolation goes one step further, JWT-locking client users to a single client_id.

Audit trail

auth_events + audit_log capture every login, document touch, governance decision, invoice issued and invoice paid. Exportable on request.

SOC 2 Type II

Type II observation window opens Q3 2026. Pre-audit readiness review complete.

Data residency

EU + US. Per-region pinning available on Enterprise.

Encryption in transit

TLS 1.2+ end-to-end. HSTS preload.

Encryption at rest

AES-256 on the database; application-side re-encryption on signing secrets.

Need our DD packet, customer-specific DPA, or a security review call? Email security@governos.co.