0% platform fee — first 1,000,000 customersClaim 0% fee
Trust Center

The trust center your procurement team will ask for

Current posture, framework status, and every legal document — one page, honestly labeled. We say exactly what is available today and what is still in progress. No vendor-questionnaire roulette.

trust · posture · contract

Current trust posture

RLS-protected tables100%
USING (true) policies0
Master-key surfaceisolated
SOC 2 (Nemo Router-level)in progress
DPA / SCCs / AUPpublished
Questionnaire turnaround1 business day
TLS 1.3AES-256GDPRHIPAA-eligible
RLS-protected tables
100%

Tenant isolation enforced at the database

Uptime SLA
99.9%

Backed by managed Cloud Run + Supabase

Doc turnaround
1 day

DPA, SCCs, questionnaires — one business day

Customer LLM auth
0 master

Virtual keys only — never the master key

Posture

Where every framework stands, right now

Status drawn from one source of truth and never overstated — active, in progress, or available on request. We will never put a badge on a framework we have not earned.

  • In progress· Q3 2026

    SOC 2 Type II

    Nemo Router operates SOC 2-aligned security, availability, and confidentiality controls today — encryption, access control, change management, audit logging, tenant isolation.

  • In progress

    ISO/IEC 27001

    Information security management practices aligned to ISO/IEC 27001 Annex A controls — asset management, access control, cryptography, operations security, supplier relationships.

  • Active

    GDPR

    Compliant with the EU General Data Protection Regulation.

  • Available

    HIPAA

    Nemo Router supports HIPAA-eligible workloads.

  • Available

    PCI DSS

    Nemo Router never touches raw cardholder data.

  • Active

    Data residency

    Pin where customer data is processed and stored.

On the record: a formal Nemo Router-level SOC 2 Type II audit is in progress — not complete, and we do not market a certificate we have not earned. The infrastructure we run on (Google Cloud Run, Supabase) is independently SOC 2 Type II and ISO 27001 certified today.

Documents

Available right now, no gate

Linked directly — open them, send them to your auditor, attach them to a ticket. Nothing here requires a sales call.

On request — sent within one business day
Security questionnaire response
Send your CAIQ, SIG, or custom questionnaire. We complete it manually and return it within one business day.
Controls walkthrough
A 30-minute call where your security team and auditor get the same answers we give our engineers.
Business Associate Agreement (BAA)
For organizations processing PHI on an Enterprise plan. Reviewed and signed within 5 business days.
Custom MSA & security exhibit
When procurement needs paper on their template, our legal team works from yours.

We complete security questionnaires manually — no portal in the loop. Every answer is reviewed by the engineer who owns the control. Start the request from the contact page.

Get in touch

Talk to the team that owns the controls

Report a vulnerability, request documentation, or book a controls walkthrough. Security reports are acknowledged within 48 hours.

FAQ

Common procurement questions

Something not covered? Ask us directly from the contact page.

Security review · 30 minutes

Bring your auditor — they will get the same answers we give the engineers

No NDA to start, no sales gate. Send your questionnaire, book a controls walkthrough, or request a signed DPA.