Public controls for product-grade automation
This page separates published controls, programs in progress, design references, and customer-specific obligations. SOC 2 and ISO 27001 are shown as in progress—not completed certifications.
Controls mapped to evidence paths
01
SOC 2 Type II
02
GDPR coverage
03
TLS 1.3 / AES-256
Policy routes published
DPA and privacy review path
Security evidence queue
Incident response owner
Baseline
Buyer review and evidence surface
13
Standards tracked
TLS 1.3
In transit
AES-256
At rest
Public
Security reporting route

Trust operations
Security posture should be visible as infrastructure, evidence, and review gates.
A professional trust view for enterprise buyers: encryption, access control, audit evidence, incident response, and governance controls mapped into one operating model.
Governance control loop
Live modelIdentity
Zero telemetry
Policy
Encrypted comms
Audit
Review gates
Evidence
Zero telemetry
Signal
Zero telemetry
Signal
Encrypted comms
Signal
Review gates
The public baseline is explicit
These are the headline controls currently visible across the public security, privacy, and legal pages, presented as reviewable evidence paths.
Control programme
SOC 2 Type II
Security, availability, and confidentiality controls with evidence collection in motion.
Privacy routes
GDPR coverage
Public privacy policy, DPA request path, and DPO contact routes for buyer review.
Data protection
TLS 1.3 / AES-256
Published transport and at-rest encryption targets; configuration and evidence are verified for each product and deployment.
The published control set
The public security policy outlines concrete practices rather than abstract promises. These are the highest-signal themes.
Encryption
- TLS 1.3 for data in transit
- AES-256 for data at rest
- Encrypted databases and backups
Access & Identity
- MFA for administrative access
- Least-privilege role-based access
- Regular access reviews
Monitoring & Infrastructure
- Traffic and anomaly monitoring under the product-specific operating model
- Firewall and DDoS protections
- Secure cloud infrastructure posture
Secure Development
- Security-focused code reviews
- Static analysis and dependency patching
- Vulnerability scanning and patch management
Standards aligned, programmes in flight, roadmap on the table.
The matrix below shows our current posture across security, privacy, AI governance, operational continuity, and sector-specific controls. Filter by category for the parts that matter to your procurement review.
Last reviewed 2026-07-12
| Standard | Scope | Status | Evidence |
|---|---|---|---|
TLS 1.3 in transit Security | Public and service transport where supported | ✓Aligned | Published control target; endpoint evidence available during review |
Encryption at rest Security | Customer data, model artifacts, and audit records | ✓Aligned | Published design control; deployment scope verified per product |
SOC 2 Type II Security | Service Organization Controls | ◐In progress | Programme in progress; no completed attestation claimed |
ISO/IEC 27001 Security | Information security management system | ◐In progress | Programme in progress; no certification claimed |
Vulnerability disclosure Operational | Published security contact and intake route | ✓Aligned | security@neuraparse.com is the public reporting channel |
Incident response Operational | Detection, triage, containment, communication, and review | ◐In progress | Evidence and contractual response details are reviewed per service |
GDPR / UK GDPR Privacy | Privacy notice, data-subject requests, and customer processing scope | ✓Aligned | Policy and legal request routes published; obligations assessed per role |
Data processing terms Privacy | Controller, processor, subprocessors, retention, and transfer | ◐In progress | Customer-specific review through legal@neuraparse.com |
NIST AI Risk Management Framework AI Governance | AI context, measurement, management, and governance | ✓Aligned | Used as a design and assessment reference; not a certification |
NATO Responsible-Use Principles AI Governance | Defense-AI lawfulness, accountability, traceability, reliability, governability, and bias | ✓Aligned | Used as a public requirements reference; no NATO certification claimed |
EU AI Act readiness AI Governance | Role, risk classification, data, transparency, oversight, robustness, and monitoring | →On roadmap | Legal and product assessment required for each use case |
Healthcare / medical-device obligations Sector-specific | PHI, intended use, clinical validation, QMS, and market authorization | →On roadmap | Customer- and product-specific pathway; no blanket HIPAA/FDA/CE claim |
Defense / export obligations Sector-specific | Data classification, end use, parties, technology, and jurisdiction | →On roadmap | Case-by-case legal and customer review required |
Legend
Need a specific attestation, DPA, or sub-processor list? Email security@neuraparse.com with the procurement contact and we'll route the right document.
Policies are publicly navigable
The live public stack includes dedicated pages for privacy, terms, cookies, DPA, security, and contact routing. That makes the trust surface easier to inspect and easier to use.
Privacy policy
Published with GDPR and CCPA framing, Google API data-use notes, and direct privacy contacts.
Legal hub
One public place to reach privacy, terms, cookies, DPA, and security policy material.
Incident response
The public security policy lists response procedures, recovery steps, and breach-notification commitments.
Enterprise routes
Custom paperwork, security questionnaires, and compliance follow-ups are routed through dedicated contact paths.
R01
Read the security policy
Review the current public security commitments and operational controls.
R02
Browse the legal hub
Open privacy, terms, cookies, DPA, and related policy pages from one place.
R03
Contact the security team
Use the direct route for vulnerability reports and security-specific questions.
R04
Privacy / legal requests
Use the published legal channel for compliance and governance questions.
Need a deeper review?
Use the published contact routes for support, security, privacy, or a guided NowFlow demo tailored to your stack.