Home / Trust / Trust Center
Developum AI Inc. · Trust Center

Trust & Compliance.

Effective July 1, 2026

Developum AI Inc. operates the EVOLUM platform against the AICPA Trust Services Criteria for Security, Availability, and Confidentiality. This page describes exactly what that means, what we can prove, and what a prospective auditor or enterprise buyer can request from us on any given day.

Honest framing. We are SOC-2 compliant — our controls, policies, and evidence align with the SOC-2 Type II framework. We do not hold a signed attestation report from a CPA firm at this time; that engagement is available when a customer or investor requires it. Our full auditor package — 8 policies, system evidence, and automated control scripts — is ready to share.

What We Have Today

Eight Corporate Security Policies

System Evidence & Automation

Trust Services Criteria — Where We Stand

CriterionPosture
SecurityEncryption in transit (TLS 1.2+) and at rest (Supabase-managed AES-256). Least-privilege access enforced via Supabase RLS. Workstation encryption and auto-lock enforced.
AvailabilityHetzner primary infrastructure. Daily automated database backups. Documented DR/BCP with RTO/RPO targets. Uptime monitoring on customer-facing endpoints.
ConfidentialityScreenplay and personal data never leaves the platform for third-party AI processing. Deterministic engine runs locally. Zero customer content transmitted to external LLM APIs.
Processing IntegrityDeterministic Python + JSON pipeline. Same input → same output. Auditable transformation logs.
PrivacyCovered under our Privacy Policy and Data Processing Addendum. GDPR- and CCPA-aware data handling.

How to Get the Auditor Package

Enterprise buyers, investors performing security diligence, and prospective auditors can request the full readiness package by writing to security@developumaiengine.com. We reply within two business days and share the package under mutual NDA.

The package includes: all 8 policy documents in full, system evidence exports, automation script source, our sub-processor list with security-review dates, and current risk register.

The Road Ahead

A formal SOC-2 Type II attestation engagement will be initiated when a customer, investor, or partner requires the signed report — or when we choose to pursue it proactively as we scale. When that happens, this page will be updated with the auditor, engagement dates, and eventually the signed report itself.

Until then: we are compliant, we are ready, and we can prove it on any given day.

Questions or requests? Reach us at security@developumaiengine.com for security, compliance, or auditor inquiries. For all other legal questions: hello@developumaiengine.com.