Trust

Verify the security posture.

We publish what we can publish and provide what we can't. The platform's own evidence chain is queryable by enterprise tenants — the same data we publish is what auditors get.

/ 01

Audit Evidence

Continuous evidence collection.

Every action on the platform produces a signed, hashed evidence record. Aggregate health metrics published on /status. Per-tenant evidence available through the operator API.

·Sentinel grid: 31 sentinels, 5 tiers, continuous probing
·Evidence chain: SHA-256 hashes, Ed25519 signatures, KMS-wrapped keys
·Public uptime: 90 days of per-component data on /status

/ 02

Documents

On request.

DPA, security questionnaire, SOC 2 Type II progress letter, subprocessor list. Email security@brainstorm.co; we respond within 2 business days.

/ 03

Disclosure

Vulnerability reporting.

Security disclosures to security@brainstorm.co. Encrypted channel on request. Hall of fame for verified reports.

Audit the platform.

Open the operator surfaces. Inspect the evidence chain. Verify the trust posture by interacting with it, not by reading marketing copy.

Open MSP Security posture