Security & Compliance

Built on trust.
Verified by evidence.

Real-time security and compliance status for the AAMOS platform. No marketing. Just facts.

/100
Loading…
Weighted composite of SOC2, ISO 27001, GDPR, EU AI Act, and infrastructure security posture.
Uptime (30d)
AWS eu-north-1
Incidents (30d)
No security incidents
Audit Chain
GECL blocks (SHA-256)
Pen Test
Certifications & Compliance
🔐
SOC 2 Type II
Security, Availability, Confidentiality — AICPA framework. Evidence collection active, audit targeted Q4 2026.
Coverage
42%
In Progress
ISO/IEC 27001:2022
Information Security Management System. Live automated evidence collection. Certification targeted Q4 2026.
Compliance
79%
79%
🇪🇺
GDPR (EU) 2016/679
Data residency EU (Stockholm). DPO: Dennis Bjarnemark. DPIA in progress. Right to erasure implemented.
Partial
🤖
EU AI Act
HIGH risk classification. Primal Charter active. Autonomy Gate enforced. Human oversight required for all autonomous actions.
Compliance
52%
52%
Infrastructure Security
☁️
AWS eu-north-1 — Stockholm
2 availability zones, VPC isolation, private subnets
Active
🔒
Encryption
TLS 1.3 in transit · AES-256 at rest · HTTPS enforced
Active
🛡️
DDoS Protection
AWS Shield Standard + WAF · Rate limiting 100/1000 req/min
Active
🔑
Access Control (RBAC)
10 roles · org-scope isolation · principle of least privilege
Active
📋
Immutable Audit Trail (GECL)
SHA-256 chained blocks · tamper-evident evidence log
Active
🧪
Penetration Testing
Independent pen-test planned Q3 2026. Vendor selection in progress.
Planned Q3
Data Privacy
📍
Data Residency
All primary data stored in EU (AWS eu-north-1, Stockholm, Sweden)
EU
🗑️
Right to Erasure (GDPR Art. 17)
Automated deletion workflow — submit request to privacy@wavult.com
Active
📝
DPIA (GDPR Art. 35)
Data Protection Impact Assessment for AAMOS Ouroboros — in progress. DPO: Dennis Bjarnemark
In Progress
⚖️
Legal Basis
Art. 6(1)(f) Legitimate interest + Art. 6(1)(a) Consent where applicable
Documented
Constitutional AI & Ethics
📜
Primal Charter
Constitutional constraints baked into AAMOS core — cannot be overridden at runtime. Defines ethical limits and operational boundaries.
Active
🚦
Autonomy Gate
All autonomous high-impact actions require explicit human approval. No fully autonomous irreversible operations.
Active
🔍
Transparency Logging
Every AI decision with external impact is logged with rationale, model, confidence, and timestamp.
Active
👁️
Multi-Provider AI Routing
No single AI vendor lock-in. Routing across: Claude (Anthropic) GPT-4 (OpenAI) Gemini (Google)
Diversified
Incident History (12 months)
No incidents recorded
Zero security incidents in the last 12 months. Uptime 99.97%.
Clear
Sub-processors
Provider Purpose Location Certified
Loading…

Questions about security or compliance?

Our security team responds to all inquiries within one business day.

✉ security@wavult.com Privacy Policy Security Posture →
Last updated: