AI security that clears procurement, legal, and InfoSec.
SOC 2 Type II attestation, SSO/SCIM provisioning, immutable audit logs, custom data residency, and a dedicated CSM. Everything your security team needs to approve AI in production — without a 12-month vendor review.
The controls your InfoSec team will actually check for
We've seen the security questionnaires. STACK Vault is built to answer them — not route around them.
SSO & SAML 2.0
Okta, Azure AD, Google Workspace, and any SAML 2.0 IdP. SCIM provisioning and automatic deprovisioning on offboarding.
Immutable Audit Logs
Every access, change, and LLM interaction logged with tamper-evident records. Exportable to your SIEM in CEF or JSON.
Role-Based Access
Granular RBAC with custom roles. Principle of least privilege enforced at the API and UI layer, not just on paper.
Compliance Evidence
SOC 2, ISO 27001, and NIST CSF evidence collected continuously. Auto-generated for your GRC tool or auditor.
Data Residency
Choose your data region. US, EU, and APAC available. On-premises deployment option for regulated workloads.
SLA Guarantees
99.9% uptime SLA, 4-hour P1 response SLO, and contractual data deletion within 30 days of contract close.
What InfoSec and legal ask during vendor review
We've answered these for hundreds of enterprise security questionnaires.
Do you have a SOC 2 Type II report?
Yes. Current report available under NDA during evaluation. We also share our penetration test summary and CAIQ on request.
Can we review your data processing agreement?
Standard DPA available immediately. Redlines accepted for enterprise contracts over $50K ARR. Legal review typically completes in 2–3 weeks.
What's your incident notification SLA?
72-hour notification for incidents affecting customer data, as required by GDPR and CCPA. We also offer 24-hour notification SLA for enterprise contracts.
Do you support on-premises deployment?
Yes. Air-gapped and VPC-isolated deployments available for regulated industries. Talk to your account executive during evaluation.