Trust Center
The first AI assessment your auditor can reproduce
Every score is computed by a versioned, published methodology; every benchmark is k-anonymized; every board-grade AI output is checked by a second model. This page is the one-stop answer to “where did this number come from, and can I verify it?”
Live status · queried from production at page load
Healthy
Platform heartbeat · 1 min ago
43
Scheduled jobs completed, last 24h · 0 failure(s)
Tokyo, Japan
Primary data residency (EU & India cells on the roadmap)
Forecast calibration certificate · accruing (0/20)
Every trajectory forecast we issue is logged as a scoreable prediction and graded against the org's real later assessments. 0 of the 20 matured predictions required have been scored — accuracy figures publish automatically at 20, not before.
Tenant isolation, enforced in the database
Every organisation-scoped row is filtered by Postgres Row-Level Security — isolation is a database guarantee, not an application convention. A CI guard fails the build if any tenant table ships without RLS.
Reproducible, versioned scoring
Each assessment stores its methodology version. An auditor (or our own verification endpoint) can recompute any historical score from the stored answers and that exact methodology — band edits require a new version; history is immutable.
Benchmarks without data sharing
Peer comparisons read only k-anonymized cohort aggregates (minimum cohort of 5, enforced by a database constraint) built from explicitly consenting organisations. Raw assessment data never leaves any tenant. Consent is revocable and takes effect within one nightly cycle.
Model consensus on board-grade outputs
Board packs are generated by one frontier model and independently re-generated by a second; a deterministic comparison flags material disagreements (numbers, recommendations) for human review instead of silently picking a winner.
Provenance on every figure
Cockpit tiles, oversight items and board decks carry their source module, signal freshness, and methodology version. When inputs change after a deck is generated, it is visibly flagged stale — never silently served.
Append-only audit trail
Every mutation writes an append-only audit log entry, writable only by the service role. GDPR data-export and right-to-erasure endpoints are live in-product.
Methodology cross-walk · v2.0
Every dimension maps to external controls
The 15 SOVEREIGN dimensions cross-walk to controls in NIST AI RMF, ISO/IEC 42001, the EU AI Act and the OECD AI Principles, so your analysts can validate the methodology against frameworks they already trust. The full rationale is published in the methodology whitepaper.
| Dimension | Pillar | External controls |
|---|---|---|
| D01 · Vision & North Star Clarity | Strategic Alignment | NIST AI Risk Management Framework (AI RMF 1.0) — GOVERN 1.1 — legal/regulatory context and organisational AI strategy ISO/IEC 42001 — AI Management System — ISO/IEC 42001 §5.2 — AI policy set by top management |
| D02 · Business Outcome Definition | Strategic Alignment | NIST AI Risk Management Framework (AI RMF 1.0) — MAP 1.3 — organisational mission and goals for the AI system ISO/IEC 42001 — AI Management System — ISO/IEC 42001 §6.2 — AI objectives and planning to achieve them |
| D03 · Data Readiness & Quality | Operational Readiness | NIST AI Risk Management Framework (AI RMF 1.0) — MEASURE 2.2 — representativeness and provenance of data EU AI Act Compliance Framework — EU AI Act Art. 10 — data and data governance for high-risk systems |
| D04 · Architecture & Platform Maturity | Operational Readiness | ISO/IEC 42001 — AI Management System — ISO/IEC 42001 §7.1 — resources for the AI management system IBM AI Ladder — IBM AI Ladder — modernise/collect: information architecture readiness |
| D05 · ROI Tracking & Benefit Realization | Value Realization | ISO/IEC 42001 — AI Management System — ISO/IEC 42001 §9.1 — monitoring, measurement, analysis and evaluation McKinsey AI Adoption Framework — McKinsey AI Adoption — value assurance: tracked impact per use case |
| D06 · Portfolio Prioritization | Value Realization | NIST AI Risk Management Framework (AI RMF 1.0) — MAP 3.1 — benefits of intended purpose weighed against risks Gartner AI Maturity Model — Gartner AI Maturity — portfolio: systematic use-case prioritisation |
| D07 · Delivery Operating Model | Execution Excellence | ISO/IEC 42001 — AI Management System — ISO/IEC 42001 §8.1 — operational planning and control McKinsey AI Adoption Framework — McKinsey AI Adoption — operating model and delivery archetypes |
| D08 · Change Management & Adoption | Execution Excellence | NIST AI Risk Management Framework (AI RMF 1.0) — GOVERN 4.2 — organisational culture and workforce engagement with AI risk Gartner AI Maturity Model — Gartner AI Maturity — adoption: measured change and enablement |
| D09 · AI & Operational Risk Management | Risk & Resilience | NIST AI Risk Management Framework (AI RMF 1.0) — MANAGE 1.2 — treatment of documented AI risks by priority EU AI Act Compliance Framework — EU AI Act Art. 9 — risk management system across the lifecycle ISO/IEC 42001 — AI Management System — ISO/IEC 42001 §6.1 — actions to address risks and opportunities |
| D10 · Security & Responsible AI Posture | Risk & Resilience | NIST AI Risk Management Framework (AI RMF 1.0) — MEASURE 2.7 — security and resilience (secure-by-design, red-teaming) IEEE 7000 — Ethical Systems Design — IEEE 7000 — ethical values elicitation in system design Microsoft Responsible AI Framework — Microsoft Responsible AI — reliability & safety, privacy & security |
| D11 · Stakeholder & Partner Ecosystem | Ecosystem | NIST AI Risk Management Framework (AI RMF 1.0) — GOVERN 5.1 — engagement of relevant AI actors and external stakeholders OECD AI Principles — OECD Principle 1.5 — accountability across the AI value chain |
| D12 · Innovation Pipeline & Experimentation | Innovation IQ | Gartner AI Maturity Model — Gartner AI Maturity — experimentation cadence and incubation discipline OECD AI Principles — OECD Principle 2.4 — fostering a digital ecosystem for trustworthy AI |
| D13 · AI Governance & Compliance | Governance | NIST AI Risk Management Framework (AI RMF 1.0) — GOVERN 1.4 — risk management governance structures and lines of accountability ISO/IEC 42001 — AI Management System — ISO/IEC 42001 §5.3 — roles, responsibilities and authorities EU AI Act Compliance Framework — EU AI Act Art. 17 — quality management system for providers |
| D14 · Talent, Capability & Workforce | Governance | ISO/IEC 42001 — AI Management System — ISO/IEC 42001 §7.2 — competence of persons affecting AI performance OECD AI Principles — OECD Principle 2.3 — building human capacity for the AI transition |
| D15 · Course-Correction & Learning | Navigational Agility | NIST AI Risk Management Framework (AI RMF 1.0) — MANAGE 4.1 — post-deployment monitoring with course-correction mechanisms ISO/IEC 42001 — AI Management System — ISO/IEC 42001 §10.1 — continual improvement of the AI management system |
Sub-processors
Who touches your data
Vercel
Application hosting and edge network
Supabase
Postgres database, storage, vector search
Clerk
Authentication, SSO and user management
Anthropic
AI generation (primary model provider)
OpenAI
AI generation (fallback + consensus second opinion)
Lemon Squeezy
Payments (merchant of record)
Resend
Transactional email
Sentry
Error monitoring
PostHog
Product analytics
DPA, security questionnaires (SIG / CAIQ) and the methodology whitepaper are available on request — care@vouliiq.com.
Certification roadmap
- SOC 2 Type II— readiness underway, tracked as controls-and-evidence inside our own M28 Assurance & Evidence Vault (we run our compliance programme on the product we sell).
- ISO/IEC 42001 (AI management system) — readiness underway; the methodology cross-walk above is the working control map.
- GDPR — data-export and right-to-erasure endpoints live in-product today. Data currently resides in a single region (AWS Tokyo); dedicated EU and India residency cells are engineered and activate per customer on request — we will not state a residency we have not provisioned for you.
We label in-progress certifications honestly. Nothing on this page claims a certificate we do not hold.