Trust Center

Trust is built with clear boundaries and verifiable commitments. This page is procurement-ready and intentionally conservative: if a certification is not complete, we mark it as not complete.

Certification status

Status values are strictly limited to Certified, In progress, and Planned.

Program	Status	Notes
External certifications (current)	Certified	None currently issued. We do not represent any unearned certificate or attestation.
SOC 2 Type II	In progress	Control mapping and audit preparation are in progress. No report has been issued yet.
ISO/IEC 27001	Planned	Planned after SOC 2 readiness milestones are completed.
ISO/IEC 27701	Planned	Planned as an extension to privacy governance after core ISMS maturity.

DPA request flow

Submit your request at /dpa or email legal@alabobai.com.
We confirm intake within 1 business day and route to legal/security.
We provide the current DPA template and subprocessors list for review.
Redlines are reviewed with enterprise stakeholders and resolved in writing.
Final signature can be completed before production data onboarding.

Security contact and SLA

Primary channel: security@alabobai.com
Initial acknowledgement SLA: within 24 hours on business days
High-severity security reports: triage begins immediately after validation
Status updates: at least every 24 hours for active high-severity incidents

Incident disclosure policy

Confirmed incidents affecting customer data are disclosed without undue delay.
Target initial customer notice window: within 72 hours of confirmation when legally required.
Disclosure includes impact scope, affected data classes, mitigation, and next updates.
Post-incident review and corrective actions are documented and tracked to completion.

Subprocessors