Trust & Architecture

Compliance Roadmap

Where we are. Where we're going. Honestly stated.

Family fund counsel expect specific certifications. We publish our current state — what's complete, what's in progress, what's planned — so counsel can evaluate honestly before conversations begin. We do not claim certifications we have not yet earned.

| Certification | Status | Notes |
| --- | --- | --- |
| SOC 2 Type 2 | In Progress | Vendor engaged. Audit cycle initiated. |
| ISO 42001 (AI Management) | Planned | Framework adoption begins parallel to SOC 2. |
| GDPR Compliance | In Progress | Documentation underway. Multi-jurisdictional architecture supports compliance. |
| CCPA / CPRA | In Progress | California exposure addressed in architecture. |
| HIPAA Readiness | Planned | For family funds with healthcare-adjacent holdings. |
| ISO 27001 (Information Security) | Planned | Sequenced after SOC 2 completion. |
| Penetration Testing | Planned | Third-party engagement post platform stabilization. |
| State Privacy Patchwork Monitoring | In Progress | 50+ state regimes tracked continuously. |

Architectural Compliance Foundations

Compliance certifications confirm what architecture already delivers. Our architecture is designed to be compliance-ready from the foundation: tenant isolation enforced via row-level security, customer-controlled encryption, audit trails per tenant, cryptographic deletion attestation, and role-based access control. Certifications validate the architecture; the architecture is built compliance-first.

Counsel Access

Family fund counsel reviewing the architecture before adoption can request access to our security documentation, audit trail samples, and architectural diagrams. Architecture is built for review.
