INNOVEXUS
Live posture
Trust Center

Trust artifacts.Honest about what we hold and what we inherit.

Innovexus does not independently hold SOC 2 Type II or ISO 27001 attestations. We inherit infrastructure-layer controls from our audited hosting partner and disclose the boundary explicitly. This page is the single source of truth for what we publish, what we share on request under NDA, and what is genuinely outside our scope today.

§ 01 / Trust artifacts
/ 01

Live compliance posture

PUBLIC · LIVE

Real-time verification of where Innovexus runs and what controls are inherited from hosting partners. Updated on every page load.

Open →
/ 02

Sub-processors

PUBLIC

Every third party that processes customer data: hosting, AI providers, payment, identity, observability. Updated when we add or remove one.

Open →
/ 03

Service Level Agreement

PUBLIC

Uptime targets, response times, and credits per tier. Published rather than negotiated.

Open →
/ 05

Security whitepaper · pen-test summary

ON REQUEST

Architecture summary, encryption, key custody, threat model. Detailed report and SOC 2-style evidence available on request under NDA.

Open →
/ 06

PAM RFP template

PUBLIC · CC BY 4.0

80-question vendor-neutral evaluation template (CC BY 4.0). Includes Innovexus answers in Appendix B.

Open →

What you won't find here(yet, and why).

  • An Innovexus-issued SOC 2 Type II report. Innovexus does not currently hold an independent SOC 2 attestation. We are hosted on SOC 2 Type II audited infrastructure and disclose this boundary throughout the site. If your procurement requires Innovexus to be the named audited entity, that's a real gap and we'll say so on the call.
  • FedRAMP authorisation. Innovexus is not FedRAMP-authorised. We will not pretend the inherited hosting controls amount to a FedRAMP authorisation.
  • Multi-region synthetic uptime monitoring. The /status page now reports live posture and component health derived from the same hosting verification API that powers /compliance. External 60-second-cadence uptime pings from BetterStack / Statuspage.io are not yet integrated; today, real-time degradations are communicated to active customers via Slack and email.

Need something we don't publish?Email [email protected].

NDA AVAILABLERESPONSE WITHIN 1 BUSINESS DAY

Pen-test summary, encryption architecture, threat model walkthrough, custom compliance attestations, regional data residency, BAA scope — all available under NDA via the trust mailbox.

Email [email protected]Schedule a demo