Trust center
Compliance, policies, reports.
One page for security and compliance teams. Status of every standard we're audited against, the policies that govern our handling of your data, and the reports available on request.
Compliance status
What we're audited against.
SOC 2 Type II
activeSecurity, Availability, Confidentiality. Renewed February 2026.
ISO/IEC 27001:2022
activeISMS scope covers Spaceflow Core and the MCP Gateway. Issued November 2025.
TISAX AL 3
activeAutomotive supplier requirement. Issued January 2026.
GDPR
compliantController and processor for EU data subjects.
KVKK
compliantTurkish data protection (Kanun No. 6698).
ISO/IEC 42001
in progressAI Management System. Target Q3 2026.
Policies
The documents that govern how we handle your data.
Privacy policy
How we collect, use, and protect personal data.
Read →Terms of service
The contract that governs use of the product.
Read →KVKK notice
Turkish data subject rights notice.
Read →Security architecture
Technical detail on how agents stay safe.
Read →Audit log coverage
What gets logged and how it stays tamper-evident.
Read →
Reports
Available on request.
SOC 2 Type II report
Full report under NDA. Available with a workspace or via your account contact.
ISO/IEC 27001 certificate
Public certificate available on request.
TISAX AL 3 confirmation
Shareable via the ENX portal. Send your TISAX participant ID.
Penetration test summary
Executive summary of the most recent external pentest, under NDA.
To request any report or arrange a call with the security team, book a demo and mention what you need in the form.