ml-connector
Sign inGet started
Compliance

Built to satisfy the standards your auditors care about.

We engineer ml-connector around the controls behind the industry's major compliance frameworks, so the protections your security team expects are already in place.

A straight answer: ml-connector is engineered around the controls these frameworks require, so the protections are in place today. What follows is not a claim of certification, it is exactly how our infrastructure satisfies each framework's requirements. We would rather show you the controls than wave a logo.

Built to pass
SOC 2

Security, availability, processing integrity, confidentiality, and privacy.

Our architecture speaks to all five trust criteria: encryption at rest and in transit, a dedicated isolated environment per customer, scoped access with constant-time authentication, idempotent processing that won't duplicate records, and an append-only audit trail. The controls a SOC 2 audit looks for are simply how we build.

BAA available
HIPAA

Encryption, access controls, audit controls, integrity, and transmission security.

The technical safeguards of the HIPAA Security Rule are exactly what every workspace already sits behind. For customers who handle protected health information and need it, we are prepared to enter into a Business Associate Agreement (BAA). We are not ourselves a covered entity. These are the protections your data would live inside.

Built to support
GDPR

Data-subject rights, data minimization, and sub-processor transparency.

For customers and users in the EU, our design supports GDPR's core obligations. You can request access to or deletion of a workspace and its data, we never sell your data, we keep a short and transparent list of sub-processors, and every record is encrypted and isolated.

Out of scope by design
PCI DSS

Protection of cardholder data.

We never store or process card numbers. Payments are handled entirely by Stripe, a PCI DSS Level 1 service provider, the highest level there is. Card data goes straight to Stripe and never lands on our servers, keeping the most sensitive payment data out of scope completely.

Working through a vendor security review?

Send us the questionnaire. We'll map our controls to your requirements and answer in detail.

Read our security overview