Security & compliance
for production AI

Transparency for security, legal, and procurement teams evaluating ozDNA. We do not claim certifications we have not earned — status below reflects our current roadmap and in-flight work.

Compliance roadmap

Certification status — updated as programs progress. No badge represents a completed audit unless explicitly marked.

SOC 2 Type II

Planned

Targeted for enterprise gateway customers. Controls mapping in progress against ozDNA platform modules.

ISO 27001

Roadmap

Information security management system design aligned with Findbelow Ventures group policy.

GDPR

In Progress

Data processing agreements, subprocessors list, and retention policies under active review.

KVKK

In Progress

Turkey data protection alignment — priority for ComplyDNA and TR production workloads.

AI Governance

Coming Soon

Model routing policies, prompt registry audit trails, and human-in-the-loop controls for RegTech workflows.

01

Security Overview

ozDNA is vertical AI infrastructure — gateway, model router, RAG layer, and cost engine — operated by Findbelow Ventures. Security is built into the platform architecture: authenticated API access, rate limits, audit trails, and least-privilege defaults. Technical details: Security page.

  • Private beta with invite-only API keys (ozdna_sk_test_ / ozdna_sk_live_)
  • Per-request authentication at the AI gateway before any inference
  • Segment-level detect API — no detection-evasion or humanization endpoints
  • Production discipline validated on live workloads at TezMakale
Status: Core gateway security active in platform. Formal third-party penetration test — Planned.
02

Infrastructure

Marketing and documentation are served via Netlify CDN with HTTPS enforced. Platform API runs on containerized infrastructure with environment-separated sandbox and production endpoints.

LayerProvider / approachStatus
Web & docsNetlify CDN, TLS 1.2+Live
API gatewayozDNA platform (Hono / Node)Live
DatabaseSQLite (dev) → managed Postgres (prod roadmap)In Progress
LLM providersOpenAI and routed providers via APILive
VPC / dedicated deploymentEnterprise optionRoadmap
03

Encryption

All customer-facing endpoints require HTTPS. API keys are stored as salted hashes — raw keys are shown once at creation and never persisted in plaintext. See Encryption at Rest and Encryption in Transit.

  • In transit: TLS for ozdna.com, API endpoints, and provider connections
  • At rest: Provider-native encryption for database and object storage (production migration)
  • Secrets: Environment-scoped configuration — no secrets in client-side code or public repos
04

Data Protection

ozDNA processes text submitted to the detect API and metadata required for billing, routing, and audit. We minimize retention and design for vertical modes (academic, legal, financial) with different sensitivity profiles.

  • Data minimization — only fields required for the requested workflow
  • Retention policies per corpus and workflow — configurable for enterprise
  • Subprocessor transparency — documented in DPA (draft in progress)
  • KVKK and GDPR alignment prioritized for ComplyDNA customers
Privacy policy: Privacy Policy · Questions: privacy@ozdna.com
05

Access Control

Access to ozDNA platform resources is scoped by organization, project, and API key. Enterprise roadmap includes SSO, RBAC, and environment isolation.

ControlDescriptionStatus
API key authBearer tokens, prefix-scoped, revocableLive
Rate limitsPer-key quotas at gatewayLive
RBACRole-based dashboard accessRoadmap
SSO (SAML/OIDC)Enterprise identity providersPlanned
Data residencyEU / TR region optionsRoadmap
06

Audit Logging

Every authenticated API request passes through the ozDNA gateway with request ID tracing. The observability module records audit events for authentication, RAG operations, and compliance workflows.

  • X-Request-Id on all API responses for trace correlation
  • Prompt hash and model ID captured per inference for reproducibility
  • RAG ingest, retrieve, and eval events logged with org scope
  • Exportable audit logs for enterprise — In Progress
07

Incident Response

Findbelow Ventures maintains an incident response process for security events affecting ozDNA infrastructure and customer data.

Formal IR runbook & SLA: Planned for Enterprise tier.
08

Disaster Recovery

Production roadmap includes automated backups, multi-region failover for the API gateway, and defined recovery time objectives (RTO) and recovery point objectives (RPO) for enterprise customers.

ObjectiveTarget (enterprise roadmap)Status
RTO< 4 hours (API gateway)Roadmap
RPO< 1 hour (transactional data)Roadmap
Backup testingQuarterly restore drillsPlanned
09

Business Continuity

ozDNA is designed for production vertical AI workloads where downtime directly impacts customer revenue. Business continuity planning covers provider failover, model routing fallbacks, and cost-engine degradation modes.

  • Model router fallback chains — primary and secondary model per workflow
  • Provider outage handling via configurable routing rules
  • Status page for platform availability — /status
  • BCP documentation for enterprise procurement — Planned
10

Compliance Roadmap

We publish our compliance program status honestly. Timelines shift based on customer demand and audit readiness — contact us for current estimates.

Q3 2026 GDPR / KVKK data processing documentation · AI governance framework draft · Penetration test scoping In Progress
Q4 2026 SOC 2 Type II readiness assessment · Subprocessor registry · Enterprise DPA templates Planned
2027 ISO 27001 alignment · ComplyDNA regulatory corpus certifications · VPC deployment option Roadmap

ozDNA is operated by Findbelow Ventures. References to SOC 2, ISO 27001, GDPR, KVKK, or AI governance frameworks describe program status — not completed certifications unless explicitly stated otherwise.

Enterprise security review?

Procurement, legal, and security teams — request our security questionnaire or schedule a trust review call.