Compliance frameworks
Vaikora ships pre-built presets for SOC 2 Type II, HIPAA, GDPR, PCI DSS, and ISO 27001. The presets cover logging, evidence collection, and policy-mapping requirements out of the box. Data443 hosting infrastructure is SOC 2 Type II compliant. Vaikora's own SOC 2 Type II audit is tracking toward Q3 2026.
SHA-256 audit chain
Every enforcement decision is signed into an append-only audit chain. Auditors can replay the chain and verify integrity without vendor cooperation. Receipts include the action, the matched policy, the agent, and the timestamp.
Data handling
The Vaikora policy engine does not retain prompt or completion content beyond the audit receipt unless a customer policy explicitly opts in. Audit chain entries store hashes and metadata, not full content.
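The replay check an auditor can run on a SHA-256 audit chain, with receipts that carry a content hash rather than content, as an added example (not Vaikora's code or receipt format). The field names, the all-zero genesis value, the canonical-JSON encoding and the sample entries are assumptions made for illustration, and only the hash linkage is shown, not any signature step.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value preceding the first entry

def entry_hash(prev_hash, receipt):
    # Canonical JSON (sorted keys, fixed separators) so every verifier hashes the same bytes.
    body = json.dumps(receipt, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def append(chain, action, policy, agent, timestamp, content):
    # Only a digest of the prompt/completion goes into the receipt, never the text itself.
    receipt = {
        "action": action,
        "policy": policy,
        "agent": agent,
        "timestamp": timestamp,
        "content_sha256": hashlib.sha256(content.encode("utf-8")).hexdigest(),
    }
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"receipt": receipt, "prev": prev, "hash": entry_hash(prev, receipt)})

def verify(chain, expected_head=None):
    """Replay the chain. Return the index of the first bad entry, or -1 if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        # Each entry must point at its predecessor and hash to its recorded value.
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["receipt"]):
            return i
        prev = entry["hash"]
    # Dropping entries from the tail leaves a valid shorter chain; it is only
    # detectable against a head hash the auditor recorded independently.
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return -1

def build_sample():
    # Constructed sample entries, not real audit data.
    chain = []
    append(chain, "block", "no-pii-egress", "agent-7", "2026-01-05T10:00:00Z", "constructed prompt A")
    append(chain, "allow", "default", "agent-7", "2026-01-05T10:00:04Z", "constructed prompt B")
    append(chain, "redact", "phi-mask", "agent-9", "2026-01-05T10:01:30Z", "constructed prompt C")
    return chain

if __name__ == "__main__":
    print("first bad entry:", verify(build_sample()))
```

Editing a receipt breaks that entry's hash, and recomputing the edited entry's hash only moves the break to the next entry, which still points at the old value.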
BAA availability
Data443 signs BAAs for the commercial Control Plane. Healthcare customers can run the open-source gateway entirely on-premise if they prefer to keep enforcement on their own infrastructure.