Live posture
Security and compliance, continuously verified
We hold ourselves to the same continuous operational control we sell — every claim below is wired to the same evidence ledger our customers use.
Framework status
| Framework | Status | Detail |
|---|---|---|
| SOC 2 Type II | In progress | Q4 2026 |
| ISO 27001:2022 | Controls mapped | Audit Q1 2027 |
| EU AI Act | Compliant | Self-attested |
| GDPR | Compliant | DPA available |
Sub-processors
| Vendor | Purpose | Region |
|---|---|---|
| Lovable Cloud (Supabase) | Primary database, auth, object storage | EU (Frankfurt) |
| Cloudflare | Edge compute, DDoS protection, CDN | Global |
| Resend | Transactional email | US |
| Anthropic / Google | AI inference for finding analysis | US (zero-retention API) |
Controls in place
- Hash-chained evidence ledger (tamper-evident)
- Row-level security on every tenant table
- TLS 1.3 in transit; AES-256 at rest
- OAuth-based SSO with per-org role scoping
- Quarterly access reviews; least-privilege defaults
- All secrets stored in Lovable Cloud secret vault
Report a vulnerability
Email security@vibeshield.aitwcloud.com. We acknowledge within 24h and remediate critical issues within 7 days.
Legal documents