Compliance & Certifications Statement
Our current compliance posture and certification status.
Last updated July 12, 2026
1. Purpose
This Compliance & Certifications Statement describes Haruspex’s approach to regulatory compliance, information security, privacy, and industry standards. It is intended to provide transparency regarding the controls currently implemented across the Haruspex platform and to clarify which certifications or attestations have and have not been obtained.
This statement should be read together with the:
- Terms of Service
- Privacy Policy
- Data Processing Addendum
- Security & Vulnerability Disclosure Policy
- AI Model Transparency Statement
2. Current Compliance Status
Haruspex is committed to building its platform using security and privacy best practices.
As of the Effective Date, Haruspex:
- implements internal security controls;
- follows secure software development practices;
- maintains documented security and privacy policies;
- minimizes collection of personal information;
- limits employee and administrator access to production systems;
- continuously reviews operational risks.
Haruspex continuously evaluates additional compliance frameworks as the platform grows.
3. Certifications
Haruspex has not yet obtained formal third party security certifications.
This includes, but is not limited to:
- ISO/IEC 27001
- SOC 2 Type I
- SOC 2 Type II
- ISO 27701
- PCI DSS Certification
- CSA STAR Certification
Haruspex will not claim certification unless it has successfully completed the applicable independent assessment.
4. Security Practices
Although Haruspex is not currently certified under a formal security framework, the platform follows security practices including:
- encryption of data in transit using TLS;
- encryption of sensitive stored data where appropriate;
- least privilege access controls;
- authentication and authorization controls;
- audit logging for administrative operations where applicable;
- vulnerability monitoring;
- regular dependency updates;
- secure deployment procedures;
- environment separation between production and development where feasible.
Security controls continue to evolve alongside the platform.
5. Privacy Practices
Haruspex is designed with privacy principles including:
- data minimization;
- purpose limitation;
- limited retention;
- user access rights where applicable;
- secure deletion procedures;
- restricted internal access to personal information.
Additional details are available in the Privacy Policy and Data Processing Addendum.
6. AI Governance
Haruspex develops AI-powered services using governance principles that include:
- transparency regarding AI-generated outputs;
- human oversight of platform development;
- monitoring for system abuse;
- safeguards against misuse;
- ongoing model evaluation;
- continuous improvement of AI reliability.
AI responses remain probabilistic and should not be treated as professional advice.
7. Data Protection
Haruspex applies technical and organizational measures designed to protect customer information from unauthorized access, disclosure, alteration, or destruction.
These measures may include:
- encryption;
- authentication controls;
- access logging;
- infrastructure monitoring;
- backup procedures;
- incident response processes.
No internet-connected service can guarantee absolute security.
8. Vendor Management
Haruspex carefully evaluates third party service providers that process customer information.
Selection criteria may include:
- security practices;
- reliability;
- privacy protections;
- contractual safeguards;
- operational maturity.
Current subprocessors are identified in the Subprocessor List.
9. Regulatory Compliance
Haruspex seeks to comply with applicable laws and regulations governing its operations within supported jurisdictions.
Because Haruspex does not currently offer services to residents of certain jurisdictions, regulatory obligations specific to those jurisdictions may not presently apply.
If Haruspex expands into additional markets, its compliance program, legal documentation, and operational controls will be updated as necessary.
10. Future Compliance Roadmap
As Haruspex grows, it may pursue independent audits and certifications, including:
- SOC 2
- ISO/IEC 27001
- ISO 27701
- additional privacy certifications;
- regional regulatory compliance programs.
Publication of any certification will occur only after successful completion of the applicable assessment.
11. Customer Due Diligence
Enterprise customers may request additional security or compliance information during procurement.
Where appropriate and subject to confidentiality obligations, Haruspex may provide:
- security documentation;
- architectural overviews;
- responses to security questionnaires;
- information regarding implemented controls.
Haruspex reserves the right to decline requests that would disclose sensitive security information.
12. No Misrepresentation
Haruspex does not represent that it has obtained any certification, accreditation, regulatory approval, or compliance status unless expressly stated in official documentation published by Haruspex.
Customers should not infer certification based on references to security practices or alignment with industry standards.
13. Updates to this Statement
Haruspex may update this Compliance & Certifications Statement to reflect:
- newly obtained certifications;
- changes to security controls;
- changes in applicable regulations;
- organizational growth;
- new products or services;
- changes to operational practices.
Updated versions become effective upon publication unless otherwise stated.
14. Contact
Questions regarding compliance, security, or certifications may be directed to Haruspex through the contact methods published on the official website.