# Trust Center

Everything you need to evaluate Sistava on security, privacy, compliance, and reliability — without contacting sales.

## Security

AES-256 at rest, TLS 1.2+ in transit, hardened Kubernetes cluster on Hetzner EU, automated nightly backups with WAL archiving, isolated tenant databases.

## Privacy

GDPR + CCPA aligned. Founders own their data and can export or delete at any time. No PII in product analytics — userId only.

## Compliance

SOC2 Type II roadmap underway. EU AI Act, data subject rights, full audit trail. Sub-processor list public and updated within 30 days of change.

## Reliability

99.5% target uptime, public status page at status.sista.ai, error budget published. Disaster recovery tested quarterly.

## Compliance & trust topics

- [General Data Protection Regulation (GDPR)](/en/trust/gdpr) — Full compliance with EU data protection law.
- [EU AI Act](/en/trust/eu-ai-act) — Aligned with the EU Artificial Intelligence Act.
- [California Consumer Privacy Act (CCPA)](/en/trust/ccpa) — Compliant with California privacy law.
- [International Data Transfers](/en/trust/international-transfers) — Lawful cross-border data transfer mechanisms.
- [Security Practices](/en/trust/security) — Defense in depth across every layer of the platform.
- [Reliability and SLA](/en/trust/reliability) — High availability with measurable, public commitments.
- [AI Safety and Behavior](/en/trust/ai-safety) — Guardrails, transparency, and human oversight by design.
- [Business Liability Insurance](/en/trust/insurance) — Sistava maintains active business liability insurance.
- [SOC 2 Type II](/en/trust/soc-2) — Pursuing SOC 2 Type II certification.
- [ISO 27001](/en/trust/iso-27001) — Working toward ISO 27001 certification.
- [HIPAA](/en/trust/hipaa) — Preparing for HIPAA compliance for healthcare customers.
- [CSA STAR](/en/trust/csa-star) — Pursuing CSA STAR cloud security certification.