Trust Center

Every answer procurement asks for.
Online. Self-serve.

SOC 2, GDPR, ISO 27001, HIPAA, CCPA, DPA — Nutan maintains a current attestation for each, generated directly from our codebase and operational state. BAA executed in under 60 seconds. SSO provisioned in five minutes. No email round-trip with a human.

How these reports are produced

Nutan is built and operated entirely by AI. Every report on this page is generated by our AI from the codebase, deployment state, and operational runbooks — the primary source of truth about what Nutan actually does. We are not yet externally certified by an AICPA-licensed firm; formal certification is on our roadmap. Until then, these documents serve as our internal attestation and are suitable for procurement review, vendor risk assessment, and internal security review.

Self-serve

Execute a BAA

HIPAA Business Associate Agreement. Counter-signed instantly. Document ID issued on submission.

Start

Execute a DPA

Standard Data Processing Agreement with 2021 SCCs. Counter-signed instantly. Document ID issued on submission.

Start

Reports library

SOC 2 Type II

Attested

SOC 2 Type II Readiness Attestation

Internal attestation against the Trust Services Criteria (Security, Availability, Confidentiality, Privacy).

Generated April 20, 2026View report

GDPR

Statement

GDPR Compliance Statement

How Nutan meets EU General Data Protection Regulation obligations for processors and controllers.

Generated April 20, 2026View report

ISO 27001

Assessment

ISO 27001 Controls Mapping

Mapping of Nutan's technical and operational controls to ISO 27001:2022 Annex A.

Generated April 20, 2026View report

HIPAA

Assessment

HIPAA Security Rule Assessment

Assessment of Nutan's alignment to HIPAA Security Rule safeguards (45 CFR §164.308–312).

Generated April 20, 2026View report

CCPA / CPRA

Statement

CCPA Compliance Notice

California Consumer Privacy Act (as amended by CPRA) notice and rights.

Generated April 20, 2026View report

DPA Template

Template

Data Processing Agreement

Standard Data Processing Agreement — self-execute online, no email required.

Generated April 20, 2026View report

Privacy Impact Assessment

Assessment

Privacy Impact Assessment

Impact assessment for Nutan's data processing activities — required by GDPR Article 35 for high-risk processing.

Generated April 20, 2026View report

Sub-processors

Current list of third-party services that process customer data.

What we collect, how we use it, and your rights.

The agreement governing your use of Nutan.

Ship fast.
Stay compliant.

Nutan is built so your legal team never becomes a bottleneck. Local-first architecture. Industry-standard encryption. Every report you need, ready to share.

Request Invite

Private beta · Invite only · macOS · Windows coming soon

Every answer procurement asks for. Online. Self-serve.

SOC 2 Type II Readiness Attestation

GDPR Compliance Statement

ISO 27001 Controls Mapping

HIPAA Security Rule Assessment

CCPA Compliance Notice

Data Processing Agreement

Privacy Impact Assessment

Ship fast. Stay compliant.

Every answer procurement asks for.
Online. Self-serve.

Ship fast.
Stay compliant.