One place for all our security documentation, compliance frameworks, privacy assessments, and government authorization materials. Built for users, enterprise teams, and government assessors.
Encryption at Rest: AES-256
Encryption in Transit: TLS 1.3
Audit Event Types: 25+
NIST 800-53 Controls Mapped: 31
Regulatory Agencies: 8+
User Data Sold: 0
AES-256, TLS 1.3, MFA, Zero Trust Architecture
Comprehensive security documentation covering data protection, access controls, AI safety guardrails, Zero Trust Architecture implementation, and the vulnerability disclosure program.
All users, enterprise security teams
SEC, FINRA, CFPB, FTC, IRS, FinCEN, CISA, HHS
Regulatory alignment across 8+ agencies. Detailed compliance statements for each regulator, specialist license verification program, and continuous compliance monitoring.
Enterprise compliance officers, regulated entities
NIST SP 800-53 Rev. 5 — FedRAMP Moderate
System Security Plan public summary with 31 NIST SP 800-53 Rev. 5 control implementation statements, FIPS 199 impact assessment, authorization boundary, and POA&M.
Government assessors, agency AOs, DoD contractors
NIST SP 800-171 Rev. 2 — 9 Domains Mapped
CMMC Level 2 practice implementation statements across 9 security domains. Intended for DoD contractors, prime contractors, and government procurement officers.
NPI, PII, CUI — Full Data Inventory & Risk Analysis
Full Privacy Impact Assessment covering 6 information types, 6 user privacy rights, privacy risk analysis, data flow documentation, and governance structure.
Section 508 / WCAG 2.1 — ACR Report
Accessibility Conformance Report (ACR) aligned with the Voluntary Product Accessibility Template (VPAT) covering WCAG 2.1 AA conformance and Section 508 compliance.
EU NIS2 Directive — 24-Hour Early Warning
Structured incident reporting form for EU/EEA entities under the NIS2 Directive. Submit 24-hour early warning notifications for significant cybersecurity incidents.
CCPA, GDPR 72hr, NIS2, GLBA, US-CERT Timelines
Detection-to-notification timeline, severity classification (P1–P4), all regulatory deadlines, and the 7-step subscriber notification procedure including credit monitoring offers.
Supabase, Stripe, Plaid, Twilio, OpenAI — 8 Vendors Assessed
Third-party vendor risk management policy covering 8 vendors across 3 tiers. Full assessment of data access scope, certifications, contract controls, and review cadence.
Nova, Tundra, Vex, Echo, Aegis, Cipher — 6 Principles
Responsible AI governance policy covering 6 core principles, prohibited uses, AI advisor guardrails, user rights (explanation, appeal, opt-out), and governance structure.
NIST SP 800-61 — 6 Phases, IRT Roles, Runbooks
6-phase incident response lifecycle (Preparation through Post-Incident Review), IRT role assignments, 6 incident type runbooks, and escalation matrix.
SOC 2, FedRAMP ATO, CMMC L2, ISO 27001 — 2026–2027
14 completed milestones, 6 in-progress, 12 planned. Transparent timeline for SOC 2 Type II, FedRAMP Moderate ATO, CMMC Level 2 C3PAO certification, FIPS 140-3, ISO 27001, and HIPAA BAA.
Nova, Tundra, Vex, Echo, Aegis, Cipher — All AI Incidents
Transparent public log of all AI output incidents, bias reports, guardrail breaches, and youth safety events. Every entry includes root cause, user impact, and resolution.
Every Document Update, Every Date, Permanent Record
Permanent dated record of every compliance document added, updated, or revised. Includes NIST control references, regulatory framework tags, and impact classification.
CCPA, GDPR, GLBA — Full Privacy Notice
Full privacy notice covering data collection, use, sharing, and user rights under CCPA, GDPR where applicable, GLBA, and COPPA.
FedRAMP Moderate
Pre-Authorization: Targeting FedRAMP Moderate authorization. Pre-authorization assessment readiness achieved.
SOC 2 Type II
Audit In Progress: SOC 2 Type II audit in progress. Type I controls implemented. Report expected Q4 2026.
CMMC Level 2
Pre-Certification: CMMC Level 2 practice statements documented. C3PAO formal assessment not yet completed.
CCPA Compliant
Active: California Consumer Privacy Act compliance active. All user rights implemented and exercisable.
COPPA Compliant
Active: COPPA compliance active. Verifiable parental consent required for under-13 accounts.
GLBA Safeguards
Active: Gramm-Leach-Bliley Safeguards Rule compliance active for NPI data protection.
Section 508 / WCAG 2.1
Active: Accessibility conformance active. Full ACR report available.
NIS2 Directive
Active (EU/EEA): EU NIS2 incident reporting procedures in place. 24-hour early warning form available.
Transparency Notice: Psychnex is an early-stage startup in active compliance build-out. FedRAMP Moderate authorization, SOC 2 Type II, and CMMC Level 2 certification are targeted — not yet formally awarded. Status badges represent our readiness posture, not issued certifications. Contact security@psychnex.com for current status.
Agency security assessors and Authorizing Officials may request the complete FedRAMP documentation package including the full SSP, Security Assessment Plan (SAP), Security Assessment Report (SAR), and POA&M with detail.
Enterprise procurement teams and compliance officers can request our full vendor security questionnaire response, Data Processing Agreement (DPA), and SOC 2 interim security assessment summary.
Contact Compliance Team
Vulnerability reports, security assessments, penetration test requests, FedRAMP inquiries. 24-hr response SLA.
Regulatory questions, enterprise compliance packages, specialist license verification, DPA requests.
Privacy rights requests (CCPA, GDPR), data subject access requests, privacy impact assessment inquiries, COPPA matters.