Skip to main content
gavAI’s SOC 2 program is in active scoping. We use Comp AI for evidence collection across the Type II control catalog, and our target is a Type I attestation followed by a Type II observation window.

Current status

ItemStatus
Evidence-collection toolingLive (Comp AI)
Control catalogScoped against Trust Services Criteria (Security + Availability + Confidentiality)
Type I reportIn progress
Type II observation windowAfter Type I

What customers can verify today

  • Banned-pattern audit baseline at docs/audits/2026-05-17-banned-patterns.md (zero production violations of unsafe auth, CORS, postMessage, eval primitives).
  • Tenant audit log on every workspace at /console/activity (member RLS scoped).
  • Tamper-evident hash chain on tenant_audit_log (migration 96) with nightly verification.

What’s coming

When the Type I report is final, this page will link to the bridge letter + redacted report (NDA on request).

Contact

compliance@gavai.io for vendor-risk questionnaires, gap-analysis sessions, or audit-evidence requests.