Octyl octyl
Compliance posture

Compliance artifacts for security and procurement

This page tracks Octyl's current SOC 2 readiness, GDPR DPA availability, data residency posture, and zero-knowledge architecture controls.

SOC 2 Type I readiness

In progress

Control documentation and evidence collection are active for a SOC 2 Type I report.

  • Security controls are mapped to SOC criteria and tracked through runbooks.
  • Evidence collection workflows are active in the engineering process.
  • Security review requests are handled through enterprise support.

GDPR and DPA

Available on request

A GDPR Data Processing Agreement (DPA) is available for enterprise customers.

  • DPA requests are handled via enterprise@octyl.ai.
  • The baseline DPA template is available on request for legal review.
  • Subprocessor and transfer terms are covered in contract review.

Data residency

Regional deployment options

Deployments are region-aware, with dedicated region options for enterprise requirements.

  • Default managed deployment currently runs in AWS US regions.
  • Dedicated deployment options include regional controls for enterprise needs.
  • GovCloud-compatible deployment support is available for qualifying customers.

Zero-knowledge architecture

Production design

Zero-knowledge controls are part of the platform architecture, not policy-only commitments.

  • Secrets are encrypted before storage and isolated at runtime.
  • Factory lanes run in AWS Nitro-backed isolated environments on the Forge.
  • BYOK keeps model billing and key custody with the customer.

DPA requests and compliance review

To request a DPA, security packet, or procurement review, contact enterprise@octyl.ai. The baseline DPA template is shared directly with your legal team on request.