Incident disclosure
We publish reportable incidents within 14 days, with post-mortems on customer-impacting events inside 60 days.
See incident historyTrust
Procurement-grade trust posture, published openly.
Every badge, every scope, every expiration. Every subprocessor. Every commitment. If a statement is aspirational we label it that way. If a badge is in progress we say so. This is the page your security team and your procurement team can share without rewriting.
Five pillars
Each pillar has a page. Each page has receipts.
Every section of our trust posture is documented at the depth a procurement review needs. Read once, cite forever.
Security
SOC 2 Type II in progress. Annual third-party pen tests. SSO-first architecture. Field-level encryption for sensitive data.
Read the security pagePrivacy
Charter-locked, not policy-locked. Our parent Foundation's 501(c)(3) charter forbids behavioral advertising and individual data sales.
Read the privacy pageCompliance
HIPAA-aligned (BAA available). FERPA-aligned. GDPR-ready. State privacy laws (CCPA, NY SHIELD, VA CDPA, TX SB8).
Read the compliance pageData Processing
DPA available pre-contract. Full subprocessor list, updated within 14 days of any change. Audit reports on request.
Read the data processing pageCertifications
Every badge listed with its scope, validity, and what it does and doesn't cover. No vanity badges.
Read the certifications pageLegal agreements
Terms, DPA, MSA, and AUP are published as plain-English summaries. Signed versions ride with your Order Form.
What we commit to
Three commitments, each tied to a timer.
Trust is the sum of what you do on the calendar, not what you say on a deck. These are the clocks we run.
Subprocessor changes
Additions, removals, and scope changes to our subprocessor list are announced within 14 days of the change.
See subprocessor listAudit reports on request
SOC 2 draft controls, pen test reports, and internal audits are available under mutual NDA.
Request reportsFoundation-backed
Visit elitesgen.orgElitesgen, Inc. is wholly owned by Elites Generation Foundation, a 501(c)(3) whose charter legally forbids behavioral advertising and the sale of individual user data.
Next step
Bring this to your security review.
Share this page with your security, legal, and procurement teams. If there's a question the pages don't answer, our team will answer it in writing within two business days.