Waygrid AI Gateway is now in General Availability. Secure, streamline, and simplify your AI initiatives. Learn more →

Trust Center

Trust, documented

Enterprises route their most critical traffic through Waygrid, and trust like that is earned with evidence. This page collects our certifications, our practices, and the documents your security and compliance teams will ask for.

Certifications & frameworks

Independently verified, continuously maintained

ISO/IEC 27001

Certified

Certified since 2019, audited annually with no major findings.

SOC 2 Type II

Attested

Annual attestation covering security, availability, and confidentiality.

PCI DSS

Level 1 Service Provider

Assessed annually for payment traffic handled by the platform.

GDPR

Compliant

EU-headquartered, with in-region processing and a standard DPA for every customer.

DORA

Aligned

Controls and evidence mapped for financial-sector customers under EU supervision.

HIPAA

BAA available

Business Associate Agreements supported for healthcare customers in the United States.

Our practices

How we protect what you route through us

Certifications describe a moment in time. These are the practices that hold between audits.

Encryption everywhere

Customer traffic is encrypted in transit with mutual TLS and at rest without exception. Keys are held in HSM-backed infrastructure and rotated on schedule.

Access under control

Production access follows least privilege with hardware-backed authentication, is granted just in time, and every session is recorded and reviewed.

Resilience by design

Every region operates with automatic failover, and our 99.99% uptime SLA is measured monthly and credited automatically if we ever miss it.

Data residency by policy

Customers choose the regions where their traffic and records are processed, and the platform enforces that choice. Nothing moves jurisdictions silently.

An audit trail we live by

The same immutable, seven-year audit log we offer customers records our own operations, from configuration changes to support access.

Tested by outsiders

Independent penetration tests run at least annually, alongside a continuous vulnerability management program. Summaries are available to customers.

Documentation

The documents your teams will ask for

Public documents are available immediately. Restricted documents are shared through your account team, typically within two business days.

  • Service Level Agreement The full 99.99% uptime commitment and credit terms.
    Public View →
  • Data Processing Agreement GDPR-standard terms, including the current subprocessor list.
    Public View →
  • ISO/IEC 27001 certificate Current certificate and statement of applicability.
    On request Request →
  • SOC 2 Type II report Most recent attestation report.
    Under NDA Request →
  • Penetration test summary Executive summary of the latest independent assessment.
    Under NDA Request →
  • Security whitepaper Architecture, controls, and operational practices in depth.
    On request Request →
2019
Every audit passed since
99.99%
Uptime SLA
7 yrs
Audit log retention
28
Regions with residency control
Responsible disclosure

Found something? Tell us first.

We welcome reports from security researchers and will acknowledge every submission within one business day. Write to [email protected] and our security team will take it from there.

Ready to see Waygrid in action?

Book a personalized demo. A solutions engineer will walk you through how Waygrid can help streamline your architecture, eliminate inefficiencies, and maximize your innovation.