Trust & Security
Live · verifiable now

Built for InfoSec from day one.

Don't take our word for it. Click Re-run live check below — every claim on this page is verified against the live API in under one second.

Live · auto-refresh 30s · /api/trust/dashboard
Right now
Degraded performance
Privileged actions
0
last 24h · in audit log
AI tokens saved
0
by the Auto-Compiler Proxy · all time
Cache hits
0
duplicate calls eliminated
Cascade routings
0
cheap-model-first routes
AI bill cuts (all customers)
$0.0000
measured by the proxy itself · zero estimation
Active proxy organisations
0
distinct organisations · last 30 days
Sub-processors
7
full list below · DPA-bound · GDPR Art. 28
Recent platform activity · anonymized
actor IDs hashed
No recent activity to show. Self-test the audit log from a signed-in account to make this feed live.
Show full sub-processor list (7)
  • MongoDB Atlas (US-East · primary database)
  • Anthropic (Claude — LLM provider)
  • OpenAI (GPT — LLM provider)
  • Google Gemini (LLM provider)
  • Resend (transactional email)
  • Slack (operational alerts)
  • Frankfurter / ECB (currency rates)
24-hour uptime · per component
/api/trust/component-history
API Server
100.0%
MongoDB
100.0%
Anthropic Claude
100.0%
Google Gemini
100.0%
OpenAI
100.0%
Resend (email)
100.0%
Frankfurter (FX)
100.0%
operational degraded down no dataleft = 24h ago · right = now
Privacy guarantees: every actor ID is SHA-256 hashed before leaving the database. Emails never appear in this response. Per-customer numbers are never exposed — only platform-wide aggregates. Activity timestamps are relative ("2m ago") not absolute. This page is publicly cacheable for 30 seconds.

All security checks passed

4 of 4 guarantees verified · ran in 120ms · evaluated 7/8/2026, 8:23:08 AM

4/4

live

Security headers + tenant watermark active

security_middlewares_mounted

Per-org collection naming enforced

tenant_db_partitioning

JWT validation rejects tampered tokens

jwt_signature_validation

Stripe key sourced from env, never user input

stripe_key_env_only

mode: test · key type: secret

Uptime & status
Service availability — last 30 / 90 days.
operational

99.95%

30-day uptime

99.92%

90-day uptime

0 incidents in the last 30 days · health pings today: 0

Wire-level proof
The headers your browser just received.
x-cartie-org-id: unscoped
x-cartie-tenant-scope: unauthenticated
strict-transport-security: max-age=31536000; includeSubDomains, max-age=63072000; includeSubDomains; preload
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-site
x-frame-options: DENY
referrer-policy: strict-origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options: nosniff, nosniff

Verify yourself: curl -I https://cartieai.com/api/trust/live-check

Compliance & certification roadmap

Where we are, where we're going, and the controls already in place. Truthful framing — we don't claim certifications we don't have.

LIVE

SOC 2-aligned controls

Following SOC 2 Type I controls (stateless cloud creds · encrypted-at-rest · JWT auth with rotation · audit log on every privileged action). Documentation generated from the open-source strongdm/comply toolkit.

LIVE

GDPR-aligned data handling

30-day deletion on account close · per-tenant DEK · DPA available on request.

LIVE

Multi-tenant isolation

Physical per-org MongoDB collections · X-CARTIE-Org-ID watermark on every response · 60+ leak_guard tests on every CI run.

PLANNED

Compliance automation platform

Evaluating Drata and Vanta (industry standards) for evidence automation. Adoption begins at customer #25 — qualifying for the startup program in either at that scale.

PLANNED

SOC 2 Type II audit

CPA auditor selection (likely Insight Assurance, Prescient, or Sensiba — startup-friendly $7–12K range) begins at customer #25. Typical observation window 6–12 months.

PLANNED

ISO 27001

Post-Series-A roadmap once SOC 2 Type II is in hand.

PLANNED

HIPAA-aligned BAA

On request for healthcare customers post-Series-A.

Most-asked questions

Answers we wish came pre-packaged with every InfoSec questionnaire.

No — and we don't want it. We use Stripe Restricted Keys with read-only scope on Customer / Subscription / Invoice. They cannot refund, charge, or access cards. Revocable in 5 seconds.

Four equally-valid integration paths:

  • SMB / Startup: Stripe Restricted Key, read-only.
  • Mid-market / Series B: Stripe Connect OAuth — customer clicks "Connect Stripe", approves on stripe.com, never pastes a key.
  • Enterprise / regulated: Run our exporter inside your VPC. Only aggregated, hashed identifiers leave your network.
  • Paranoid: Drop a Stripe export CSV once a month.

Need our SIG-Lite or a signed DPA?

We respond to InfoSec questionnaires within 1 business day.

Last evaluated: 7/8/2026, 8:23:08 AM · Back to CARTIEAI

We value your privacy. Cookies help us improve your experience. Learn more

Install CARTIEAI

Add to your home screen for quick access and offline support