See something that needs updating? Open a PR against this repo — every page in here is markdown and easy to edit.
Quick links
Report a security issue
Suspected incident, lost device, phishing, or anything that doesn’t feel right.
Compliance frameworks
SOC 2 Type II and ISO 27001 — what we’re committed to and the evidence we maintain.
Roles & Personnel
Who holds which role, who approves what, and the canonical responsibility matrix.
Helpdesk
Laptop setup, MFA, account requests, and other day-to-day IT.
Core policies (SOC 2 / ISO 27001)
The 15 core information-security policies below form Neuroscale’s information-security program. Every employee and contractor is expected to read and acknowledge them, along with the 7 specialized policies and 2 legal references in the sections that follow (24 policies total).
Information Security
The umbrella policy — start here.
Access Control
Who gets access to what, and how.
Asset Management
Tracking and protecting company assets.
Business Continuity
How we keep operating through disruption.
Code of Conduct
How we treat each other and our customers.
Cryptography
Encryption and key-management standards.
Data Management
Classifying, retaining, and disposing of data.
HR Security
Hiring, training, and offboarding controls.
Incident Response
How we detect, contain, and recover. Includes breach-notification matrix.
Operations Security
Day-to-day operations of production systems.
Physical Security
Office and facility controls.
Risk Management
How we identify and treat risk.
Roles & Responsibilities
Who owns what in our security program.
Secure Development
Building software securely by default.
Third-Party Management
Vendors, suppliers, and partners.
Additional policies
Specialized policies covering AI, trade compliance, ethics, and workforce-specific obligations.
AI / GenAI Acceptable Use
How we use AI tools and how we build AI products responsibly.
Trade Compliance
OFAC sanctions, EAR, deemed-export, AI compute rules.
Open Source & SBOM
License review, SBOM generation, outbound contributions.
Insider Trading
MNPI, blackout periods, pre-clearance.
Workplace Violence
CA SB 553-aligned prevention and response.
Anti-Bribery & Corruption
FCPA / UK Bribery Act compliance.
Employee Privacy
What we collect about employees, why, and how long.
For customers and the public
Customer-facing notices and the trust center landing live in the Public tab.
Trust Center
Compliance attestations, security highlights, contact.
Privacy Notice
GDPR / CCPA / state-law-compliant external privacy notice.
CA Applicant & Personnel Notice
CCPA/CPRA notice for California applicants, employees, and contractors.
Terms of Service
Master terms governing access to and use of our products.
Subprocessor List
Vendors that process Customer Personal Data.
Cookie Notice
Cookies and similar technologies on our sites.
Reporting & escalation
| What | Where |
|---|---|
| Security incident or suspected breach | security@neuroscale.ai |
| Lost or stolen device | helpdesk@neuroscale.ai — see Lost or stolen device |
| Privacy / data subject request | privacy@neuroscale.ai — see Data Subject Rights |
| Code-of-conduct violation | Your manager, CHRO, or ethics@neuroscale.ai |
| Anonymous report | Anonymous Reporting channel — see Whistleblower Policy |