Trust Center
Everything you need to evaluate Sistava on security, privacy, compliance, and reliability — without contacting sales.
Security
AES-256 at rest, TLS 1.2+ in transit, hardened Kubernetes cluster on Hetzner EU, automated nightly backups with WAL archiving, isolated tenant databases.
Privacy
GDPR + CCPA aligned. Founders own their data and can export or delete at any time. No PII in product analytics — userId only.
Compliance
SOC 2 Type II roadmap underway. EU AI Act, data subject rights, full audit trail. Sub-processor list public and updated within 30 days of change.
Reliability
99.5% target uptime, public status page at status.sista.ai, error budget published. Disaster recovery tested quarterly.
Compliance & trust topics
- General Data Protection Regulation (GDPR) — Full compliance with EU data protection law.
- EU AI Act — Aligned with the EU Artificial Intelligence Act.
- California Consumer Privacy Act (CCPA) — Compliant with California privacy law.
- International Data Transfers — Lawful cross-border data transfer mechanisms.
- Security Practices — Defense in depth across every layer of the platform.
- Reliability and SLA — High availability with measurable, public commitments.
- AI Safety and Behavior — Guardrails, transparency, and human oversight by design.
- Business Liability Insurance — Sistava maintains active business liability insurance.
- SOC 2 Type II — Pursuing SOC 2 Type II certification.
- ISO 27001 — Working toward ISO 27001 certification.
- HIPAA — Preparing for HIPAA compliance for healthcare customers.
- CSA STAR — Pursuing CSA STAR cloud security certification.