Vairity is designed for buyers whose security, compliance, and procurement teams must sign off before code goes near production. This page is the single front door for those reviews — compliance status, sub-processors, data-processing terms, business continuity, and how to reach the right contact on our side of the table.
Need deeper technical posture (architecture, encryption, audit-chain mechanics)? See /security.
In progress. Built to SOC 2 criteria from architecture inception — audit logs, access controls, change management, and availability monitoring all in the platform today.
Ready. Standard Contractual Clauses available. Regional residency options for enterprise deployments. Data-subject rights honored within statutory timelines.
Aligned. PHI-aware workflow templates, BAA-ready deployment patterns. Self-hosted and single-tenant deployments keep PHI in customer-controlled infrastructure.
Honored. Global Privacy Control and Do Not Track signals respected on the marketing site. Customer data rights governed by the DPA.
Planned. Control mapping in CONTROL covers ISO 27001 Annex A categories; formal certification on roadmap.
Oriented. Self-hosted and air-gapped deployment patterns; control-schema mapping in BUILD for public-sector evaluations.
Vairity supports self-hosted, single-tenant VPC, and SaaS deployments. For self-hosted and VPC, customer workflow data and AI inputs/outputs remain in customer-controlled infrastructure. For SaaS evaluations, data is isolated by tenant with regional residency options. Specific architecture diagrams and threat models are available under NDA during enterprise evaluation.
A current sub-processor list (email delivery, error monitoring, customer-support tooling, cloud hosting) is shared under NDA during procurement review. We notify customers under contract of material changes.
The Vairity DPA is available for execution alongside the Customer Agreement. It includes Standard Contractual Clauses, the sub-processor schedule, and security controls aligned to ISO 27001 Annex A.
Documented BCP and incident-response runbooks. Customer notification timelines specified in the DPA. Status communication via direct channel for design-partner customers; status page on roadmap for general availability.
We welcome responsible disclosure. Report security issues to contact@vairity.ai. We acknowledge within one business day and coordinate fixes in good faith.
We respond within one business day and route to the right person on our side — engineering for technical posture questions, legal for contract artifacts, the founder for anything strategic.