Trust Center
Documentation for security, procurement, and compliance reviewers evaluating AI Governance Hub.
Security architecture
AI Governance Hub follows a fail-closed security model. Payment verification, work item counting, plan detection, and report generation run exclusively on the server. The browser never authorizes downloads or sets commercial terms.
- HMAC-verified Razorpay payments before report release
- Signed download and recovery tokens with expiry
- Rate limiting and correlation IDs on API routes
- Structured audit logging for payments, uploads, and admin actions
- No payment card, UPI, or banking data stored by AI Governance Hub
Security review package (for CISO & security architects)
Documents available today for vendor review — we do not claim certifications we have not earned.
Available for download / review
- Security Policy — architecture, auth, payments, uploads, responsible disclosure
- Privacy Policy — retention (90-day reports, ~24-hour upload sessions), no third-party AI training on uploads
- Trust Center (this page) — data lifecycle, payment integrity, SLAs
- Technical security documentation
- Enterprise Procurement Guide — pricing, invoice/PO process, deliverables
- Refund Policy
Sub-processors (website assessment flow)
- Razorpay — payment processing (PCI handled by Razorpay; we do not store card/UPI data)
- Hosting provider — serverless API and static site delivery (TLS, HSTS in production)
- Atlassian Forge — Marketplace app runs in your Jira Cloud tenant (separate from website uploads)
For sub-processor questionnaires or custom DPAs, contact security@aigovernancehub.ai.
What we do not claim
- SOC 2 Type II, ISO 27001 certification, or FedRAMP authorization (unless separately contracted and documented)
- HIPAA BAA or banking regulatory approval through software alone
- That a report constitutes legal certification or regulatory sign-off
Deployment scale (honest limits)
Regulated industry buyers
Industry selection during upload adjusts report framing — it does not create compliance certification.
- Healthcare: Do not upload PHI. Use redacted or synthetic exports. Reports support governance evidence — not HIPAA attestation.
- Banking & financial services: Redact account numbers, customer PII, and confidential deal data before export. Useful for AI initiative inventory — not regulatory filing.
- Government: Confirm export policy with your information security office. Enterprise quote available for large portfolios and procurement coordination.
- Manufacturing / technology: Standard export workflows; ideal for PMO and architecture-led AI governance baselines.
Customer responsibility: You control what leaves your environment. We process what you upload solely to deliver your assessment.
Assessment data & AI processing
Website assessment uploads are processed on our servers solely to generate your governance report and deliver it to you. We do not use your upload to train third-party AI models. Analysis uses governance-weighted rules and portfolio metrics — not public redistribution of your export.
Deletion requests: support@aigovernancehub.ai
Support SLAs
- General support: support@aigovernancehub.ai — within 1 business day
- Enterprise sales: sales@aigovernancehub.ai — within 1–2 business days
- Security: security@aigovernancehub.ai — responsible disclosure welcome
Confidential upload handling
Assessment uploads may contain sensitive project metadata. We treat every upload accordingly:
- TLS encryption for all transfers
- Server-side validation, malware pattern scanning, and file hash logging
- Work item metrics computed from parsed content — never accepted from the client
- Enterprise portfolios over 1,000 work items route to a dedicated sales workflow — no self-service checkout bypass
Privacy
We process uploaded project data solely to generate your assessment and deliver reports. Payment details are handled exclusively by Razorpay.
Infrastructure
Persistent encrypted object storage, serverless API routes, and environment-isolated secrets. Production Jira governance workflows run on Atlassian Forge within your tenant boundary.
Encryption
- TLS/SSL for all traffic; HSTS in production
- HttpOnly session cookies for authenticated dashboard access
- HMAC-signed download and recovery tokens
Payment integrity
Order amounts are calculated server-side from detected plan and portfolio size. The total shown in your order summary must match the Razorpay checkout amount exactly. Reports generate only after cryptographic payment verification.
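The payment-integrity checks described here and the HMAC-signed tokens with expiry listed under Security architecture and Encryption, as an added Python example that is not AI Governance Hub's own code: it applies Razorpay's documented HMAC-SHA256 signature over `order_id|payment_id`, requires the server-side order amount to match the amount the gateway reports as captured, and issues and verifies expiring download tokens. The secrets, identifiers, amounts and the gateway payment record are constructed placeholders; how the server fetches the payment record is not shown.

```python
import hmac
import hashlib

# Constructed placeholder secrets; a deployment loads these from isolated env config.
KEY_SECRET = "rzp_test_secret_constructed"
TOKEN_SECRET = "download_token_secret_constructed"

def expected_signature(order_id: str, payment_id: str, key_secret: str) -> str:
    """Razorpay's documented check: hex HMAC-SHA256 over 'order_id|payment_id'."""
    msg = f"{order_id}|{payment_id}".encode()
    return hmac.new(key_secret.encode(), msg, hashlib.sha256).hexdigest()

def release_allowed(order: dict, callback: dict, captured: dict, key_secret: str) -> bool:
    """Fail closed: release the report only if every check passes.
    order: server-side record, amount computed from plan and portfolio size.
    callback: the three fields the browser posts back after checkout.
    captured: payment record the server fetched from the gateway (fetch not shown)."""
    try:
        sig_ok = hmac.compare_digest(
            expected_signature(order["id"], callback["razorpay_payment_id"], key_secret),
            callback["razorpay_signature"])
        order_ok = callback["razorpay_order_id"] == order["id"]
        # Amount and currency come from the gateway record, never from the browser.
        amount_ok = (captured["status"] == "captured"
                     and captured["amount"] == order["amount"]
                     and captured["currency"] == order["currency"])
    except (KeyError, TypeError):
        return False  # malformed or incomplete callback: nothing is released
    return bool(sig_ok and order_ok and amount_ok)

def issue_token(report_id: str, ttl_seconds: int, secret: str, now: int) -> str:
    """HMAC-signed download/recovery token binding a report id to an expiry time."""
    payload = f"{report_id}:{now + ttl_seconds}"
    sig = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"

def verify_token(token: str, secret: str, now: int):
    """Return the report id if the token is authentic and unexpired, else None."""
    try:
        payload, sig = token.rsplit(".", 1)
        report_id, expiry = payload.rsplit(":", 1)
        expiry = int(expiry)
    except ValueError:
        return None
    expected = hmac.new(secret.encode(), payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig) or now >= expiry:
        return None  # forged, tampered, or expired
    return report_id
```

Because the expiry is part of the signed payload, editing the timestamp invalidates the signature, and any missing or malformed field short-circuits to "no release" rather than to a default.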
Data lifecycle & retention
Upload → validation → analysis → verified payment → report generation → secure delivery → dashboard recovery. Upload sessions expire. Recovery tokens remain valid for 90 days unless deletion is requested.
Customer & vendor responsibilities
Your responsibilities: Ensure uploads comply with internal data policies; provide accurate contact details; retain payment references for support.
Our responsibilities: Secure processing, server-side validation, verified payment before delivery, audit logging, and timely support response per published SLAs.
Compliance posture
Framework mapping supports EU AI Act, ISO 42001, and NIST AI RMF evidence workflows. Reports assist governance review and board reporting — they do not constitute legal certification or regulatory approval.
Contact
Security: security@aigovernancehub.ai
Support: support@aigovernancehub.ai
Enterprise sales: sales@aigovernancehub.ai