The trust center your procurement team will ask for
Current posture, framework status, and every legal document — one page, honestly labeled. We say exactly what is available today and what is still in progress. No vendor-questionnaire roulette.
Current trust posture
- RLS-protected tables
- 100%
- Uptime SLA
- 99.9%
- Doc turnaround
- 1 day
- Customer LLM auth
- 0 master
Tenant isolation enforced at the database
Backed by managed Cloud Run + Supabase
DPA, SCCs, questionnaires — one business day
Virtual keys only — never the master key
Where every framework stands, right now
Status drawn from one source of truth and never overstated — active, in progress, or available on request. We will never put a badge on a framework we have not earned.
- In progress· Q3 2026
SOC 2 Type II
Nemo Router operates SOC 2-aligned security, availability, and confidentiality controls today — encryption, access control, change management, audit logging, tenant isolation.
- In progress
ISO/IEC 27001
Information security management practices aligned to ISO/IEC 27001 Annex A controls — asset management, access control, cryptography, operations security, supplier relationships.
- Active
GDPR
Compliant with the EU General Data Protection Regulation.
- Available
HIPAA
Nemo Router supports HIPAA-eligible workloads.
- Available
PCI DSS
Nemo Router never touches raw cardholder data.
- Active
Data residency
Pin where customer data is processed and stored.
On the record: a formal Nemo Router-level SOC 2 Type II audit is in progress — not complete, and we do not market a certificate we have not earned. The infrastructure we run on (Google Cloud Run, Supabase) is independently SOC 2 Type II and ISO 27001 certified today.
One page per question
This hub stays short on purpose. The engineering detail, the framework scope, and the live component health each have a page of their own.
Available right now, no gate
Linked directly — open them, send them to your auditor, attach them to a ticket. Nothing here requires a sales call.
On request — sent within one business day
- Security questionnaire response
- Send your CAIQ, SIG, or custom questionnaire. We complete it manually and return it within one business day.
- Controls walkthrough
- A 30-minute call where your security team and auditor get the same answers we give our engineers.
- Business Associate Agreement (BAA)
- For organizations processing PHI on an Enterprise plan. Reviewed and signed within 5 business days.
- Custom MSA & security exhibit
- When procurement needs paper on their template, our legal team works from yours.
We complete security questionnaires manually — no portal in the loop. Every answer is reviewed by the engineer who owns the control. Start the request from the contact page.
Talk to the team that owns the controls
Report a vulnerability, request documentation, or book a controls walkthrough. Security reports are acknowledged within 48 hours.
Common procurement questions
Something not covered? Ask us directly from the contact page.
Security review · 30 minutes
Bring your auditor — they will get the same answers we give the engineers
No NDA to start, no sales gate. Send your questionnaire, book a controls walkthrough, or request a signed DPA.