Skip to main content
Voight publishes its compliance posture against the major data protection and AI safety frameworks. Each one below is a public document, versioned and dated, that you can review before deciding to send Voight your team’s telemetry. All four frameworks are published, with a full downloadable PDF each.

GDPR

Available · v1.0 · May 2026Full alignment with Regulation (EU) 2016/679. Spain main establishment, AEPD supervisory authority, 2021 SCCs for international transfers, 30-day rights window.Read summary →

OWASP LLM Top 10

Available · v1.0 · May 2026Alignment against the OWASP Top 10 for LLM Applications (v2.0). A risk-by-risk map of where Voight helps you detect, investigate, and constrain each risk — and an honest account of the two it can’t.Read summary →

NIST AI RMF

Available · v1.0 · June 2026Mapping of Voight against the NIST AI Risk Management Framework 1.0 and its Generative AI Profile — all four functions, with Voight in the Measure layer.Read summary →

SOC 2 Readiness

Available · v1.0 · June 2026Controls mapped to the AICPA Trust Services Criteria — Security, Availability, Confidentiality — with six known gaps published, not hidden. Voight is not Type II certified today; the audit is on the roadmap.Read summary →

Why we publish these

Three reasons:
  1. It’s the right thing to do. Customers handing us telemetry deserve to see how we treat it before they send the first event.
  2. It saves your procurement team time. A versioned PDF is faster to forward to your auditor than a back-and-forth email thread.
  3. It keeps us honest. Publishing a control set is the cheapest way to keep that control set true over time.

What ties it all together

The same principles run through every document:
  • One lawful basis for personal data: contract performance.
  • Three sub-processors, all SOC 2 Type II: Vercel, Railway, Privy.
  • Privacy by design: the SDK runs three local filters before any payload leaves your machine — see Privacy overview.
  • No data sale. Personal data is never sold or shared with advertisers.
  • Versioned, dated documents. When a material change happens, we publish a new version and announce it in the changelog.

Reporting concerns

Found a security issue, a privacy concern, or something missing from these documents? Email team@voight.xyz. We acknowledge within 48 hours. For data protection complaints, the formal route is through our lead supervisory authority, the Spanish AEPD (www.aepd.es).