Trust

Trust at Saiba

We build AI systems close to your business data. This page explains the public commitments, documents, and review practices around that work.

Last updated
2026-05-07
Next review
2026-08-07
Status
Published

Compliance status

  • Privacy and GDPR

    We operate our website and customer workflows with GDPR obligations in mind. See our privacy policy and sub-processor list.

    Active

  • ISO 27001 preparation

    We are preparing the policies, evidence, and operating controls needed for an external certification process. Public updates will be shared when milestones are ready.

    Preparing

  • EU AI Act tracking

    We track relevant EU AI Act obligations and review customer AI workflows against risk tiers, data boundaries, and human review points.

    Tracked

  • Danish digital responsibility

    We use Danish digital responsibility principles as an internal checklist for data use, transparency, and accountable automation.

    Tracked

  • Provider assurance

    We use selected providers with published security programs and list sub-processor scope publicly.

    Active

Documents

Public documents are linked below. Customer-specific and security-sensitive documents are available on request.

Public commitments

  • Annual transparency report

    Published every year covering incidents, sub-processor changes, and compliance posture deltas.

  • Public sub-processor list, kept current

    Material changes notified to active customers ahead of activation.

  • 72-hour breach notification

    In line with GDPR Article 33. Customers and supervisory authorities notified within 72 hours of confirmed incident.

  • Vulnerability disclosure program

    Responsible disclosure published at /.well-known/security.txt. Policy at /security-policy.

  • Accessibility

    We target WCAG 2.1 AA. Statement at /accessibility.

Acknowledgments

Researchers who report security issues responsibly will be listed here with their permission. The list is currently empty.

Contact