[Trust Center]

Security you can verify.

Cerbera secures other companies' AI, so our own bar is non-negotiable. Here is how we protect your data and the standards we hold ourselves to.

[Posture]

How we protect your data.

Data stays local

Cerbera runs as a transparent proxy on the endpoint. Detection happens locally; we do not store or transmit prompt content by default.

Least privilege

Cerbera deploys and removes via MDM in one click and coexists with your VPN and DNS proxies. No standing access you cannot revoke.

Transparency

You decide whether prompt logs are retained. Configuration and policy are auditable, and nothing is a black box.

Operator-run

Built and operated by Bastion, a managed-security team that runs SOC 2 and ISO 27001 programs day in, day out.

[Compliance]

Standards we align to.

Cerbera inherits Bastion's compliance program, with SOC 2 and ISO 27001 certifications in place and ISO 42001 in progress.

SOC 2 Type IICertified
ISO 27001Certified
ISO 42001 (AI)In progress
GDPRCompliant

[Documents]

Policies and agreements.

Subprocessors

The list of third parties that may process customer data.

Request →
Data Processing Agreement

Our standard DPA, available on request.

Request →
Privacy Policy

How we handle personal data across the product and site.

Request →

[Report a vulnerability]

Found something? Tell us.

We welcome responsible disclosure. Reach our security team directly and we will respond quickly.

security@cerbera.ai