Wentzel Trust Center

Wentzel Trust Center

Security and trust, built into every product.

Wentzel builds AI-native software for high-trust and regulated workflows. This is where we show our work: how we protect your data, the frameworks we hold ourselves to, and how to reach our security team. Everything here is meant to be verified, not taken on faith.

Every Wentzel product runs on one shared security foundation — the Wentzel Compliance Baseline. Rather than bolt controls onto each app, we implement a single set of controls, map them once to SOC 2 and ISO/IEC 27001, and enforce them everywhere through mandatory code review, automated checks in our pipeline, and an immutable audit trail. The result is consistent protection across the portfolio — and a trust center you can check, section by section.

Framework alignment

We design and operate to SOC 2 Type 2 and ISO/IEC 27001:2022. Until an independent auditor issues the report or certificate, we describe our status as Aligned — we do not say “compliant” or “certified” before the work is independently confirmed.

FrameworkStatusIndependent assessment
SOC 2 Type 2AlignedEngagement pending
ISO/IEC 27001:2022AlignedEngagement pending

How we protect your data

Encryption everywhere

Traffic is protected with TLS 1.3 in transit and encrypted at rest with managed keys. Sensitive fields are sealed with per-record envelope encryption before they ever reach a database.

Least-privilege access

Everyone signs in with phishing-resistant multi-factor authentication. Access is scoped to the minimum needed for the work and reviewed on a regular cadence.

A tamper-evident record

Privileged reads and changes are written to an append-only, hash-chained audit trail and retained for seven years — so there is always a verifiable record of who did what, and when.

Built for resilience

Our products run on a global edge network with database point-in-time recovery and documented recovery objectives. Live availability is published at status.wentzel.ai.

Responsible AI

We build with Anthropic’s Claude. Your data is never used to train AI models, and regulated health workloads run on isolated, agreement-backed infrastructure.

Deliberate vendor choices

We publish our subprocessor list, sign data-processing agreements, and intentionally exclude tools that don’t clear our security and privacy bar.

Explore the trust center

SecurityAccess control, change management, and monitoring.AvailabilityUptime commitments and disaster recovery.ConfidentialityData classification and encryption.PrivacyOur GDPR and CCPA posture, and your choices.ISO/IEC 27001:2022ISMS scope and Statement of Applicability.SubprocessorsThe third parties we rely on, and why.PoliciesOur information-security policy set.Data subject rightsRequest access, export, or deletion.Contact & disclosureReach our security team responsibly.

For auditors and enterprise customers: each section above carries the underlying control mapping and evidence pointers. A detailed auditor handoff packet — including penetration-test summaries and recovery-drill results — is available to enterprise customers under NDA at the customer portal.

Found a security issue? Reach our team at security@wentzel.ai or see our security.txt. We acknowledge reports within one business day. Operated by Wentzel Investments LLC · last reviewed June 2026.