Trust Center

Enterprise trust controls for Nordn.ai API and MCP

This page summarizes the current readiness baseline. Nordn.ai is building toward SOC 2 readiness and ISO/IEC 27001 readiness, but does not claim external SOC 2 attestation or ISO/IEC 27001 certification yet.

Control baseline

Built for secure API-first operation

Internal evidence lives in System Catalog, GitHub, Cloudflare, Supabase, R2 and audit reports. Public trust pages show safe summaries only.

API and MCP boundary

Public clients use the versioned /v1 API and remote MCP tools. They do not get direct Supabase table access, raw crawler payloads or internal schema names.

Edge security

Cloudflare WAF, API Shield, rate limits, enterprise headers, request IDs and Workers logs are part of the launch baseline.

Audit integrity

Operational ledgers are backed by hash-chain checkpoints and Cloudflare R2 Bucket Lock evidence for documented audit, backup and edge-log prefixes.

Supply chain

GitHub Enterprise, branch protection, CodeQL, dependency review, SBOM/provenance, artifact attestation and Node 24 workflow gates are required.

Disaster recovery

Backup and restore evidence is tracked through runbooks, R2 storage, restore checks and System Catalog status instead of static claims.

Privacy and legal readiness

GDPR launch controls, DPA, privacy pages, opt-out flows and CCPA/CPRA roadmap items remain explicit gates before broader public launch.

Artifacts

Public artifacts available now

These artifacts are intentionally conservative. Customer-specific packets and legal-approved enterprise documents will be added before public enterprise sales.

Security

Report a vulnerability

Send security reports to security@nordn.ai. Do not include customer data, secrets or exploit details beyond what is required to reproduce the issue safely.