Trust Center

Clear security posture for public beta teams.

EventStack labels implemented controls and roadmap items honestly. Formal compliance certifications are roadmap, not launch claims.

Implemented

Documented boundary control in the EventStack core runtime.

Implemented

Documented boundary control in the EventStack core runtime.

Implemented

Documented boundary control in the EventStack core runtime.

Implemented

Documented boundary control in the EventStack core runtime.

Implemented

Documented boundary control in the EventStack core runtime.

Implemented

Documented boundary control in the EventStack core runtime.

Implemented

Documented boundary control in the EventStack core runtime.

Implemented

Documented boundary control in the EventStack core runtime.

Vendor-Hosted

Handled through the named vendor integration rather than stored directly by EventStack.

Vendor-Hosted

Handled through the named vendor integration rather than stored directly by EventStack.

Disclosed

Current vendor dependencies are disclosed without claiming EventStack certification.

Published

Security reports route to the published EventStack security contact.

Roadmap disclosures

For vulnerability reports, security policies, and custom compliance check requests:

security@useeventstack.app

MFA enforcement and SAML SSO are not available in early access.
Public status and changelog pages are read-only projections from backend data.
Replay is designed for preview-first operation and requires explicit confirmation outside local-only flows.
Single-node Compose or K3s deployments are not high-availability unless operators deploy the documented HA topology.
Plan limits are the event, API-call, and workflow limits published on the pricing page.
Formal compliance certifications and data-residency controls are roadmap items, not launch claims.