Trust center
Everything an auditor would ask us on day one, in one place.
Security overview→Privacy policy→Data Processing Addendum→Service Level Agreement→Terms of Service→Cookies→
Attestations and certifications
Simple Intelligence is pursuing the following attestations for Simple Council:
- SOC 2 Type 2 — Type 1 readiness assessment in progress; Type 2 observation window planned for the second half of 2026.
- ISO/IEC 27001 — gap assessment scheduled.
- Microsoft Solutions Partner for Security — active.
- Microsoft Intelligent Security Association — application planned post-GA when three joint customers are live.
Customers under non-disclosure may request a copy of the most recent readiness report at trust@simpleintelligence.io.
Blueprint coverage
Simple Council ships blueprints for ISO 42001, EU AI Act, NIST AI RMF, HIPAA, HITRUST, FFIEC, SR 11-7, FINRA, CMMC L2, FEDRAMP, and SOC 2. Custom blueprints are available on Growth and above.
Engineering practices
- Multi-tenant isolation asserted in CI on every change via the §18 Playwright suite (a canary agent in a second tenant must never appear in the first tenant's pages or in the auditor export).
- Every operator action writes an AuditLog row; every MCP call writes a McpAudit row.
- Evidence is append-only and SHA-256 chained per (agent, control). Chain breaks are surfaced at the top of every auditor export.
Coordinated disclosure
Email security@simpleintelligence.io. We acknowledge within two business days and aim to publish a fix within 90 days of validated reports.