Status: Aligned. Wentzel Investments LLC implements controls for SOC 2 Type 2 + ISO/IEC 27001:2022 but has not yet completed third-party audits. We use "Aligned", never "Compliant" or "Certified".
Confidentiality
Confidentiality covers identification of confidential data, protection during processing, and disposal. We handle customer integration credentials, source code (CARL Scanner ephemeral), and product PII.
Data classification
| Class | Examples | Storage |
|---|---|---|
| @public | Marketing, OSS code, this trust center | Static / CDN |
| @internal | System identifiers, internal configs | CloudWatch / Postgres (KMS) |
| @pii | Customer email, name, IP | Postgres column-level KMS |
| @phi | HIPAA-covered (Humanome only — separate scope) | Bedrock-routed paths only |
| @financial | Stripe customer/subscription IDs (PAN never on our origin) | Stripe + LLC merchant accounts |
| @secret | Credentials, API keys, KMS material | AWS Secrets Manager only |
Controls
| Control | Area | Status | Evidence |
|---|---|---|---|
| WCB-CC-12 | TLS 1.3 in transit | Aligned | Cloudflare + ALB enforced |
| WCB-CC-13 | KMS at rest — customer-managed CMKs | Aligned | Per-data-class key separation |
| WCB-CC-14 | Secrets management — AWS Secrets Manager | Aligned | Never in source; rotation per docs/secrets/rotation-plan.md |
| WCB-CC-24 | Data classification labels | Aligned | @public/@internal/@pii/@phi/@financial/@secret |
| WCB-CC-25 | Data retention & disposal | Aligned | Cascading delete via packages/data-export |
| WCB-CC-36 | NDA agreements with contractors | Aligned | Per-contractor + Trustee Agreement (Glenda Nicole Ramsey) |