Skip to main content
DataVibe
SolutionsPricingResearchDocsAbout
Log inBook a DemoRequest API Access

Trust Center

How DataVibe earns the trust enterprises require.

DataVibe is an AI Execution Security Gateway — every approval, dispatch, and policy change runs through audited, replayable infrastructure. This page tells security and compliance teams exactly how that works without requiring an NDA.

DataVibe Certified AI Governance

Certification transforms governance from internal tooling into externally verifiable trust. Workspaces that meet six deterministic criteria receive a public verification URL and embeddable badge for procurement and trust centers.

  • 90+ days of production gate traffic
  • Zero unresolved BLOCK violations in the last 30 days
  • Intact audit chain and custom governance policy authored
  • 95%+ SLA compliance and tested legal-hold infrastructure
Public verify URL: datavibe.cc/verify/[cert-id]Enterprise Shield (requires active certification) →

Operational rigor

Every approval flows through a circuit-breakered dispatch pipeline with exponential backoff, dead-letter persistence, and per-provider failure isolation. Operators can manually replay dead letters; nothing silently drops.

  • Architecture overview →

Cryptographic verifiability

All inbound webhooks (Slack, HubSpot, Intercom, Teams, generic email intake) are HMAC-SHA256 verified with per-workspace secrets, a five-minute replay window, and constant-time comparison. Outbound webhooks ship X-Datavibe-Signature + X-Datavibe-Delivery-Id headers.

Multi-tenant isolation

Workspace ownership is enforced at the database boundary on every read and write. A continuous tenant-isolation audit scans for orphan rows or cross-workspace references and surfaces findings to platform operators.

Immutable audit trail

Every approval, rejection, dispatch, policy change, and assignment writes to an append-only audit log with actor + resource + IP attribution. Workspace owners can export the full log as JSON/NDJSON on demand (Pro+).

  • Security policy →

Incident response

Real incidents are tracked first-class with root-cause, blast-radius, and resolution-notes fields. The /status page is wired off live data — uptime over rolling 90 days, open incidents, and component health update automatically.

  • Live status →

AI governance forensics

Every gate decision is replayable. The flight recorder rebuilds the scanner timeline against any historical payload using the current published policy, enabling postmortems, compliance reviews, and policy tuning after the fact.

Governed category contract

DataVibe publishes a formal governance coverage contract listing every enforced category, the exact rule IDs, severity semantics, adversarial test evidence, and explicit documented limitations. Governed categories are deterministically enforced and replay validated — not vague AI-safety claims.

  • Governance model →
  • Integration docs →

Certifications & compliance roadmap

We're transparent about where we are. We publish what's live, what's in audit, and what's on the roadmap so buyers can plan around real timelines.

  • SOC 2 Type I

    Type I audit scoped Q3 2026; gap analysis complete.

    In progress

  • SOC 2 Type II

    Sustained-controls audit follows ~6 months after Type I.

    On roadmap

  • HIPAA BAA

    Available on Enterprise once Type II is complete; PHI-grade dispatch providers required.

    On roadmap

  • ISO 27001

    Roadmap dependency on SOC 2 Type II completion.

    On roadmap

  • GDPR + UK DPA

    DPA addendum available on request. Data residency controls live for EU customers.

    Live

Subprocessors

We use a small, deliberately chosen set of subprocessors. New subprocessors are announced 30 days in advance via email to all customer security contacts.

SubprocessorPurposeRegion
VercelDashboard + landing site hosting (Edge + Node runtime)Multi-region
RenderCore API service (Python FastAPI)us-east / eu-west
NeonManaged Postgres (workspaces, policies, audit log)Customer-selectable
CloudflareDNS, WAF, edge cache, R2 for asset storageGlobal
StripeBilling + subscription stateus-east / eu-west
Resend / SendGridOutbound notification emailus-east
SentryApplication error monitoring (PII scrubbed)us-west
Logtail / Better StackStructured log aggregationus-east

Audit log export

Every governance event is exportable as JSON/NDJSON for downstream SIEM ingestion.

Integration docs →

DPA / BAA

Data Processing Addendum is available on request; HIPAA BAA shipping on Enterprise after Type II.

View DPA →

Penetration test summary

Annual external pentest summary available to customers under MNDA.

Request summary →

Live operational status

Real-time uptime, open incidents, and component health derived directly from our SystemEvent stream.

Open status page →

Questions for the security or compliance team? Email [email protected]. We acknowledge within one business day.

Enterprise tier (post-pilot): workspace SSO/OIDC, private Core API region, async semantic scanner tier. Contact [email protected] for roadmap timing.

DataVibe

DataVibe is AI output governance infrastructure — the layer between AI systems and business operations. Runtime policy gates, human oversight, immutable evidence, public certification, and Enterprise Shield indemnification for valid claims.

Need help? Use our contact form.

Product

Agentic AIEU AI ActEnterprise ShieldGovernancePricing

Resources

Integration guideBlogCase StudiesChangelog

Company

AboutContactStatusSecurity

Legal

TermsPrivacyDPASLA

Get started

Request API AccessBook a DemoContact

© 2026 DataVibe

Trust CenterStatusArchitecturePrivacy PolicySecurityTerms Of UseCookie PolicyDPA