All security, privacy, and compliance documents consolidated for procurement, legal, and security teams. Bookmark this page for your vendor risk questionnaires.
All SOC 2 controls are implemented and production-ready. Formal external audit engagement is underway for H2 2026 certification. G8KEPR discloses this status transparently — contact us for our current controls evidence package.
All documents available immediately — no NDA required for standard references. Enterprise agreements and audit reports available under NDA.
Privacy Policy
How we collect, use, and protect your data
Terms of Service
Terms governing use of G8KEPR services
Data Processing Agreement (DPA)
GDPR-compliant DPA; sign online or request enterprise MSA version
Master Service Agreement (MSA)
Available for enterprise customers — contact sales
Subprocessors List
All third-party sub-processors we use and their regions
Security Overview
Controls, encryption standards, incident response overview
Security Whitepaper
In-depth architecture, threat model, and control mapping
SOC 2 Type II Readiness
Current control status — external audit engagement H2 2026
Vulnerability Disclosure Policy (VDP)
How to report security issues responsibly
Incident Response Policy
How we detect, respond to, and communicate incidents
At-a-glance summary for security questionnaires
TLS 1.3 in transit · AES-256 at rest · Ed25519 signing keys in HSM
Hash-chained tamper-proof logs · Immutable row trigger · 1-year retention
RBAC with org-level isolation · MFA enforced · JWT RS256 rotation 90d
Internal security review 2026-04 · 0 Critical / 0 High findings · Third-party engagement scheduled Q3 2026
US-East (NYC3) standard · EU-West (AMS3) planned Q3 2026 · Self-host option
< 1 hour detection SLA · Customer notification within 24h · Status page coming Q3 2026
Need custom questionnaire responses, additional audit artifacts, or a security call? Our security team responds within one business day.