Security posture, compliance, and the audit history.
Customer-owned data plane is the foundation. Everything else is built so a CISO, a regulator, or a board-level audit committee can verify what we claim — without needing to trust us.
Customer-owned data plane
Your data lives in your S3 / Azure Blob / GCS, behind your KMS keys. Eisberg infrastructure is incapable of holding your data.
Policy as code at every layer
Row-level, column-level, action-level, agent-level. One policy plane, every component reads from it, every decision audit-logged.
Tamper-evident audit trail
Cryptographically chained audit trail of every query, every action, every agent decision. Survives regulator scrutiny and our own.
Hard kill switches
Revoke any agent, any user, any workspace globally in one API call. Audit log records who, what, when, why.
What we are pursuing and what is ready today.
We will never claim a certification we do not hold. Status below is current as of the date on this page.
SOC 2 Type II
In progress
Audit window underway
ISO 27001
In progress
Implementation phase
HIPAA BAA
In progress
Available under NDA today
FedRAMP Moderate
In progress
Reference architecture documented
GDPR Article 28
Ready
DPA + EU SCCs available
PCI DSS Ready
Ready
Customer data plane segregation
Who else touches your environment.
Full sub-processor list available under NDA. We disclose every third-party service that interacts with customer environments, including their certifications and contractual data-processing terms.
We use a small number of sub-processors for cloud infrastructure (AWS, Azure, GCP for control-plane hosting), error monitoring, and operational telemetry. None of them store customer data — customer data lives only in the customer's own object storage.
Request the full list along with their contractual safeguards by emailing trust@eisbergdata.com.
Need the full security package?
CISO whitepaper, threat model, agent-governance specification, policy library, audit trail schema, and sub-processor list — all available under NDA.