Compliance Operations
- SOC 2 readiness with documented controls and audits
- GDPR: data residency, DSAR, right-to-be-forgotten workflows
- Vendor due diligence artifacts on request
- Incident response with time-bound SLAs
Data Residency and Exports
- Data hosted with Supabase; exports on request
- Residency options via regional projects
- Immutable audit logs for access
DSAR Workflow
- Authenticate requestor identity
- Export user data package
- Apply deletion within SLA, update audit log
Incident Response
- Severity matrix with response times
- Postmortem template and action tracking
- Customer communication channels