Skip to content
000TRUST & SECURITY

Public controls for product-grade automation

This page separates published controls, programs in progress, design references, and customer-specific obligations. SOC 2 and ISO 27001 are shown as in progress—not completed certifications.

SOC 2 · IN PROGRESSISO 27001 · IN PROGRESSGDPR POLICY PATHTLS 1.3 TARGETSECURITY CONTACTSTATUS-LABELLED
Trust operations

Controls mapped to evidence paths

NP

01

SOC 2 Type II

02

GDPR coverage

03

TLS 1.3 / AES-256

01

Policy routes published

02

DPA and privacy review path

03

Security evidence queue

04

Incident response owner

Baseline

Buyer review and evidence surface

Published

Standards tracked

In transit

At rest

Security reporting route

Modern enterprise data center corridor with high-density server racks

A professional trust view for enterprise buyers: encryption, access control, audit evidence, incident response, and governance controls mapped into one operating model.

TLS 1.3 / AES-256
Audit evidence
Governance controls
Live model
1

Identity

Zero telemetry

2

Policy

Encrypted comms

3

Audit

Review gates

4

Evidence

Zero telemetry

Signal

Zero telemetry

Signal

Encrypted comms

Signal

Review gates

001Operational commitments

These are the headline controls currently visible across the public security, privacy, and legal pages, presented as reviewable evidence paths.

01In progress

Control programme

SOC 2 Type II

Security, availability, and confidentiality controls with evidence collection in motion.

02Published

Privacy routes

GDPR coverage

Public privacy policy, DPA request path, and DPO contact routes for buyer review.

03Product-scoped

Data protection

TLS 1.3 / AES-256

Published transport and at-rest encryption targets; configuration and evidence are verified for each product and deployment.

002Security practices

The public security policy outlines concrete practices rather than abstract promises. These are the highest-signal themes.

01

Encryption

  • TLS 1.3 for data in transit
  • AES-256 for data at rest
  • Encrypted databases and backups
02

Access & Identity

  • MFA for administrative access
  • Least-privilege role-based access
  • Regular access reviews
03

Monitoring & Infrastructure

  • Traffic and anomaly monitoring under the product-specific operating model
  • Firewall and DDoS protections
  • Secure cloud infrastructure posture
04

Secure Development

  • Security-focused code reviews
  • Static analysis and dependency patching
  • Vulnerability scanning and patch management
003Compliance posture

The matrix below shows our current posture across security, privacy, AI governance, operational continuity, and sector-specific controls. Filter by category for the parts that matter to your procurement review.

Last reviewed 2026-07-12

SecurityPublic and service transport where supportedPublished control target; endpoint evidence available during review
SecurityCustomer data, model artifacts, and audit recordsPublished design control; deployment scope verified per product
SecurityService Organization ControlsProgramme in progress; no completed attestation claimed
SecurityInformation security management systemProgramme in progress; no certification claimed
OperationalPublished security contact and intake routesecurity@neuraparse.com is the public reporting channel
OperationalDetection, triage, containment, communication, and reviewEvidence and contractual response details are reviewed per service
PrivacyPrivacy notice, data-subject requests, and customer processing scopePolicy and legal request routes published; obligations assessed per role
PrivacyController, processor, subprocessors, retention, and transferCustomer-specific review through legal@neuraparse.com
AI GovernanceAI context, measurement, management, and governanceUsed as a design and assessment reference; not a certification
AI GovernanceDefense-AI lawfulness, accountability, traceability, reliability, governability, and biasUsed as a public requirements reference; no NATO certification claimed
AI GovernanceRole, risk classification, data, transparency, oversight, robustness, and monitoringLegal and product assessment required for each use case
Sector-specificPHI, intended use, clinical validation, QMS, and market authorizationCustomer- and product-specific pathway; no blanket HIPAA/FDA/CE claim
Sector-specificData classification, end use, parties, technology, and jurisdictionCase-by-case legal and customer review required
AlignedIn progressOn roadmapNot applicable

Need a specific attestation, DPA, or sub-processor list? Email security@neuraparse.com with the procurement contact and we'll route the right document.

004Compliance & legal

The live public stack includes dedicated pages for privacy, terms, cookies, DPA, security, and contact routing. That makes the trust surface easier to inspect and easier to use.

01

Privacy policy

Published with GDPR and CCPA framing, Google API data-use notes, and direct privacy contacts.

02

Legal hub

One public place to reach privacy, terms, cookies, DPA, and security policy material.

03

Incident response

The public security policy lists response procedures, recovery steps, and breach-notification commitments.

04

Enterprise routes

Custom paperwork, security questionnaires, and compliance follow-ups are routed through dedicated contact paths.

Deeper review

Use the published contact routes for support, security, privacy, or a guided NowFlow demo tailored to your stack.