SOC 2 Type II
PlannedTargeted for enterprise gateway customers. Controls mapping in progress against ozDNA platform modules.
Transparency for security, legal, and procurement teams evaluating ozDNA. We do not claim certifications we have not earned — status below reflects our current roadmap and in-flight work.
Certification status — updated as programs progress. No badge represents a completed audit unless explicitly marked.
Targeted for enterprise gateway customers. Controls mapping in progress against ozDNA platform modules.
Information security management system design aligned with Findbelow Ventures group policy.
Data processing agreements, subprocessors list, and retention policies under active review.
Turkey data protection alignment — priority for ComplyDNA and TR production workloads.
Model routing policies, prompt registry audit trails, and human-in-the-loop controls for RegTech workflows.
ozDNA is vertical AI infrastructure — gateway, model router, RAG layer, and cost engine — operated by Findbelow Ventures. Security is built into the platform architecture: authenticated API access, rate limits, audit trails, and least-privilege defaults. Technical details: Security page.
Marketing and documentation are served via Netlify CDN with HTTPS enforced. Platform API runs on containerized infrastructure with environment-separated sandbox and production endpoints.
| Layer | Provider / approach | Status |
|---|---|---|
| Web & docs | Netlify CDN, TLS 1.2+ | Live |
| API gateway | ozDNA platform (Hono / Node) | Live |
| Database | SQLite (dev) → managed Postgres (prod roadmap) | In Progress |
| LLM providers | OpenAI and routed providers via API | Live |
| VPC / dedicated deployment | Enterprise option | Roadmap |
All customer-facing endpoints require HTTPS. API keys are stored as salted hashes — raw keys are shown once at creation and never persisted in plaintext. See Encryption at Rest and Encryption in Transit.
ozDNA processes text submitted to the detect API and metadata required for billing, routing, and audit. We minimize retention and design for vertical modes (academic, legal, financial) with different sensitivity profiles.
Access to ozDNA platform resources is scoped by organization, project, and API key. Enterprise roadmap includes SSO, RBAC, and environment isolation.
| Control | Description | Status |
|---|---|---|
| API key auth | Bearer tokens, prefix-scoped, revocable | Live |
| Rate limits | Per-key quotas at gateway | Live |
| RBAC | Role-based dashboard access | Roadmap |
| SSO (SAML/OIDC) | Enterprise identity providers | Planned |
| Data residency | EU / TR region options | Roadmap |
Every authenticated API request passes through the ozDNA gateway with request ID tracing. The observability module records audit events for authentication, RAG operations, and compliance workflows.
Findbelow Ventures maintains an incident response process for security events affecting ozDNA infrastructure and customer data.
Production roadmap includes automated backups, multi-region failover for the API gateway, and defined recovery time objectives (RTO) and recovery point objectives (RPO) for enterprise customers.
| Objective | Target (enterprise roadmap) | Status |
|---|---|---|
| RTO | < 4 hours (API gateway) | Roadmap |
| RPO | < 1 hour (transactional data) | Roadmap |
| Backup testing | Quarterly restore drills | Planned |
ozDNA is designed for production vertical AI workloads where downtime directly impacts customer revenue. Business continuity planning covers provider failover, model routing fallbacks, and cost-engine degradation modes.
We publish our compliance program status honestly. Timelines shift based on customer demand and audit readiness — contact us for current estimates.
ozDNA is operated by Findbelow Ventures. References to SOC 2, ISO 27001, GDPR, KVKK, or AI governance frameworks describe program status — not completed certifications unless explicitly stated otherwise.
Procurement, legal, and security teams — request our security questionnaire or schedule a trust review call.