A structured 10-point framework designed to surface hidden liabilities before you sign.
1. Retention policies, sub-processor dependencies, and GDPR compliance claims.
2. Cross-border transfer mechanisms, SCCs, and local hosting guarantees.
3. SOC 2 Type II, ISO 27001 claims, and encryption standards in transit and at rest.
4. Support for Enterprise SSO (SAML/OIDC), MFA enforcement, and RBAC.
5. Does the vendor use your payload data to train models? We find the opt-out policies.
6. Nth-party infrastructure dependencies and concentration risks (e.g., AWS us-east-1).
7. Active web search for historical data breaches, ransomware events, and mass outages.
8. Searches for FTC settlements, EU supervisory authority fines, and class action lawsuits.
9. Bug bounty programmes, VDPs, and responsible disclosure mechanisms.
10. Legal entity registration, jurisdiction, and verifiable operational history.