Current status
| Item | Status |
|---|---|
| Evidence-collection tooling | Live (Comp AI) |
| Control catalog | Scoped against Trust Services Criteria (Security + Availability + Confidentiality) |
| Type I report | In progress |
| Type II observation window | After Type I |
What customers can verify today
- Banned-pattern audit baseline at
docs/audits/2026-05-17-banned-patterns.md(zero production violations of unsafe auth, CORS, postMessage, eval primitives). - Tenant audit log on every workspace at
/console/activity(member RLS scoped). - Tamper-evident hash chain on
tenant_audit_log(migration 96) with nightly verification.
What’s coming
When the Type I report is final, this page will link to the bridge letter + redacted report (NDA on request).Contact
compliance@gavai.io for vendor-risk questionnaires, gap-analysis sessions, or audit-evidence requests.