> ## Documentation Index
> Fetch the complete documentation index at: https://docs.gavai.io/llms.txt
> Use this file to discover all available pages before exploring further.

# SOC 2

> gavAI's SOC 2 program status

gavAI's SOC 2 program is in active scoping. We use Comp AI for evidence collection across the Type II control catalog, and our target is a Type I attestation followed by a Type II observation window.

## Current status

| Item                        | Status                                                                             |
| --------------------------- | ---------------------------------------------------------------------------------- |
| Evidence-collection tooling | Live (Comp AI)                                                                     |
| Control catalog             | Scoped against Trust Services Criteria (Security + Availability + Confidentiality) |
| Type I report               | In progress                                                                        |
| Type II observation window  | After Type I                                                                       |

## What customers can verify today

* Banned-pattern audit baseline at `docs/audits/2026-05-17-banned-patterns.md` (zero production violations of unsafe auth, CORS, postMessage, eval primitives).
* Tenant audit log on every workspace at `/console/activity` (member RLS scoped).
* Tamper-evident hash chain on `tenant_audit_log` (migration 96) with nightly verification.

## What's coming

When the Type I report is final, this page will link to the bridge letter + redacted report (NDA on request).

## Contact

`compliance@gavai.io` for vendor-risk questionnaires, gap-analysis sessions, or audit-evidence requests.
