Trust center
Everything your CISO needs to say yes.
Certificates, sub-processors, penetration test cadence, and the honest incident history. Available without a sales call.
Certificates and attestations
SOC 2 Type II
Schellman & Co.
Period: Aug 1, 2024 – Jul 31, 2025
Availability: Under NDA via your account team
HIPAA
Self-attested with BAA
Period: Effective Jan 2024
Availability: BAA on Business and Enterprise plans
ISO 27001
BSI
Period: Stage 2 audit Q3 2026
Availability: Stage 1 letter under NDA
GDPR
Self-attested with DPA
Period: Effective May 2023
Availability: DPA available on every plan
Sub-processors
Mnemos uses the sub-processors below to deliver the service. Email security@mnemos.ai to subscribe to change notifications.
Sub-processor
Purpose
Location
Amazon Web Services
Primary infrastructure hosting
US-East, US-West, EU-West
Cloudflare
Edge network, DDoS, WAF
Global
Neon
Managed Postgres
Customer-selected region
Anthropic
LLM inference (default)
US
OpenAI
LLM inference (optional)
US
Stripe
Billing and payments
US
Twilio
Voice transport for interview agent
Customer-selected region
Segment
Product analytics
US
Penetration testing
Independent penetration tests run twice yearly. Letters of attestation available under NDA.
March 2026
Doyensec
Application security and tenant isolation
0 critical, 1 high (remediated)
September 2025
Bishop Fox
Web app and AI prompt injection
0 critical, 2 high (remediated)
March 2025
NCC Group
Infrastructure and identity
0 critical, 0 high
Incident history
Every customer-impacting incident in the last 12 months, with public root-cause summary. Real-time status at /status.
Apr 18, 2026
Search latency degradation
Customer impact
Elevated P95 latency for ~42 minutes for tenants in US-East.
Root cause and remediation
A re-ranker model upgrade introduced a hot path that triggered GC pressure. Rolled back; canary policy updated.
Jan 9, 2026
Slack adapter sync delay
Customer impact
Newly posted Slack messages delayed for ~3 hours on the Slack adapter only. No data loss.
Root cause and remediation
Upstream Slack API rate-limit change; adapter back-off recalibrated.
Send a security questionnaire.
Our security team responds to standardized questionnaires (CAIQ, SIG-Lite, VSAQ) within five business days.