We did the hard work before legal asked.
A trust posture designed for security teams, compliance officers, and platform reviewers — not for marketing pages. What follows is what they need to read.
- Audit chain: per-operation ed25519, append-only, locally verifiable.
- Key custody: customer-managed keys on Enterprise, HSM-backed, rotatable.
- Data residency: EU, US, IN regions today; any region on request.
- Self-hosted: run the control plane inside your network, with an identical reviewer flow.
Mapped to the standards your reviewer cares about.
Status today. Roadmap stated, not implied. Mapping documents are available under NDA unless the table says otherwise.
| Standard | Status | Audit cadence | Mapping doc |
|---|---|---|---|
| SOC 2 Type II | attested (Type II report) | Annual | Available under NDA |
| ISO 27001 | certified | Annual | Available under NDA |
| ISO 27701 (privacy) | certified | Annual | Available under NDA |
| GDPR (EU) | compliant | Continuous | Public summary |
| HIPAA (US healthcare) | BAA available | Continuous | BAA on request |
| PCI-DSS scope reduction | guidance | — | Architecture briefing |
| DORA (EU financial) | aligned | Continuous | Available under NDA |
| FedRAMP Moderate | in process | — | Q4 2026 (planned) |
A chain you can verify without us in the room.
Audit on Ejenix is not a logging system. It is a per-operation signed, append-only record, designed to be verifiable locally with an open-source verifier we publish.
What is recorded
- Every patch authoring, publication, promotion, hold, override, and rollback
- Every cohort definition, version, retirement
- Every policy gate evaluation and outcome
- Every reviewer-packet generation
- Every key usage with fingerprint and signer identity
What is not recorded
- End-user device identifiers (we cohort on hashes, not IDs)
- End-user content or PII
- Source code (the patch artifact is referenced by hash, not stored as code)
A bundle reviewers actually open.
Whatever the scope — one patch, one quarter, one incident — Ejenix produces a signed bundle your auditor can verify locally. We publish the verifier; we do not need to be involved in the review.
What's inside
- manifest.json — scope, identities, key fingerprints
- chain.log — full operation chain with signatures
- cohorts.yml — cohort predicates & reach estimates
- policy.eval — gate evaluations & outcomes
- perf.posture — cold-start, binary, runtime budgets
- signatures/ — detached per-op signatures
Total size of a typical quarter: under 5 MB. Verification time: under 2 seconds on a laptop.
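What "locally verifiable" means in practice, as an added example that is not Ejenix's published verifier or its chain.log format: each operation is signed with ed25519, each record commits to the hash of the one before it, and the verifier replays the chain against the key fingerprints, head hash, and record count a manifest would carry. The field names, the mid-chain key rotation, and the sample operations are assumptions constructed for this demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Entry is one operation record in an assumed chain.log layout. Hypothetical: the
// real Ejenix format ships with its published verifier and is not reproduced here.
type Entry struct {
	Seq     uint64 `json:"seq"`
	Op      string `json:"op"`      // e.g. "patch.publish", "policy.eval"
	Subject string `json:"subject"` // artifact hash or cohort id, never source code
	Actor   string `json:"actor"`   // signer identity
	Prev    string `json:"prev"`    // hexSHA256 of the previous signed record
}

// Record is an Entry plus the detached signature material that ties it to a key.
type Record struct {
	Entry Entry  `json:"entry"`
	KeyFP string `json:"key_fp"` // hexSHA256 of the signer's public key
	Sig   string `json:"sig"`    // hex ed25519 signature over jsonBytes(Entry)
}

func hexSHA256(b []byte) string {
	h := sha256.Sum256(b)
	return hex.EncodeToString(h[:])
}

// jsonBytes is the canonical form: encoding/json emits struct fields in
// declaration order, so the bytes signed are the bytes the verifier re-derives.
func jsonBytes(v any) []byte { b, _ := json.Marshal(v); return b }

// Append signs one operation and links it to the current head of the chain.
func Append(chain []Record, priv ed25519.PrivateKey, op, subject, actor string) []Record {
	e := Entry{Seq: uint64(len(chain)), Op: op, Subject: subject, Actor: actor}
	if n := len(chain); n > 0 {
		e.Prev = hexSHA256(jsonBytes(chain[n-1]))
	}
	fp := hexSHA256(priv.Public().(ed25519.PublicKey))
	sig := ed25519.Sign(priv, jsonBytes(e))
	return append(chain, Record{Entry: e, KeyFP: fp, Sig: hex.EncodeToString(sig)})
}

// Verify replays the chain offline: contiguous sequence numbers, intact hash links,
// signer fingerprints the manifest lists, valid signatures, and a head hash and
// record count equal to what the manifest commits to. Links alone cannot detect a
// silently dropped tail; the manifest commitment is what makes that visible.
func Verify(chain []Record, keys map[string]ed25519.PublicKey, head string, count int) error {
	if len(chain) != count {
		return fmt.Errorf("manifest says %d records, chain has %d", count, len(chain))
	}
	prev := ""
	for i, r := range chain {
		if r.Entry.Seq != uint64(i) || r.Entry.Prev != prev {
			return fmt.Errorf("record %d: sequence or link broken", i)
		}
		pub, ok := keys[r.KeyFP]
		if !ok {
			return fmt.Errorf("record %d: signer %s not in manifest", i, r.KeyFP)
		}
		sig, err := hex.DecodeString(r.Sig)
		if err != nil || !ed25519.Verify(pub, jsonBytes(r.Entry), sig) {
			return fmt.Errorf("record %d: bad signature", i)
		}
		prev = hexSHA256(jsonBytes(r))
	}
	if prev != head {
		return fmt.Errorf("chain head %s does not match manifest", prev)
	}
	return nil
}

// Demo builds a four-operation chain across a key rotation (constructed keys and
// sample operations), then verifies the clean chain, a copy with one record edited
// after signing, and a copy with the last record dropped.
func Demo() (clean, tampered, truncated error) {
	pubA, privA, _ := ed25519.GenerateKey(rand.Reader)
	pubB, privB, _ := ed25519.GenerateKey(rand.Reader) // rotated-in key
	keys := map[string]ed25519.PublicKey{hexSHA256(pubA): pubA, hexSHA256(pubB): pubB}
	var chain []Record
	chain = Append(chain, privA, "patch.author", "artifact:3c7e", "alice@example")
	chain = Append(chain, privA, "policy.eval", "gate:cold-start-budget", "system")
	chain = Append(chain, privB, "patch.publish", "artifact:3c7e", "alice@example")
	chain = Append(chain, privB, "patch.rollback", "artifact:3c7e", "bob@example")
	// manifest.json would carry the head hash and count beside the key fingerprints.
	head, count := hexSHA256(jsonBytes(chain[3])), len(chain)
	clean = Verify(chain, keys, head, count)
	bad := append([]Record(nil), chain...)
	bad[2].Entry.Actor = "mallory@example" // edited after signing
	tampered = Verify(bad, keys, head, count)
	truncated = Verify(chain[:3], keys, head, count) // the rollback goes missing
	return
}

func main() {
	clean, tampered, truncated := Demo()
	fmt.Println("clean:", clean)         // clean: <nil>
	fmt.Println("tampered:", tampered)   // tampered: record 2: bad signature
	fmt.Println("truncated:", truncated) // truncated: manifest says 4 records, chain has 3
}
```

Two points worth checking in any verifier handed to you, whatever its format. First, edits and reordering are caught by the per-record signatures and hash links, but a dropped tail is only caught because the manifest commits to the head hash and record count, so the manifest itself must be signed and its signer must be in the key set you trust. Second, key rotation is only as strong as the fingerprint list: a record signed by a key the manifest does not name must fail, not be skipped.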
What we will brief your team on
- Trust posture & threat model
- Signed-audit format & verifier walk-through
- Key custody & rotation
- Data residency & tenancy options
- Eligibility gating policy
- Incident-response process
Deeper architectural questions are covered in the private briefing, which stays under technical NDA.
What we will not publish on a website.
Trust does not require us to reveal the engine. The reviewer packet is enough for due diligence; the architecture briefing is enough for technical review.
What we publish
- Trust posture & threat model
- Signed-audit specification
- Public-safe verifier (open source)
- Compliance summaries
- Workflow & operational documentation
What we brief, under NDA
- Engine internals
- Compiler & runtime mechanism
- Artifact format details
- Execution-path naming
Available to your security & platform reviewers only.
Bring the team that has to sign off.
CISO, head of compliance, platform reviewer. One 60-minute session, NDA up front, technical answers without marketing language. We do this twice a week.
- Architecture walk-through under NDA
- Reviewer-packet verification, live
- Key-custody & rotation walkthrough
- Threat-model Q&A
- Compliance mapping for your context