Trust Center · live

Every reply ARIA sends ships with a receipt.

Single-tenant per workspace. EU-hosted by default. Every decision is signed, hash-chained, and shipped with an EU AI Act Article 13(b) explanation — so you (and your auditors) can verify, in seconds, that ARIA didn't make it up.

Decisions ARIA made — and audited — for our customers

14,829,402

+1,247 in the last hour · 0 falsified · 100% chain-verified

Citation grounded99.7%

Article 13 attached100%

Latency p95184 ms

A · Compliance

Audited, certified, and ready for procurement.

SOC 2 Type II

Audited Mar 2026 · Drata

Report (NDA) ↗

ISO 27001

Cert 2025-001 · BSI

Certificate ↗

GDPR

DPA template · DPO listed

DPA ↗

EU AI Act · Art 13

In force Aug 2026

Compliance brief ↗

DSA / DMA

Transparency reports

Q1 2026 ↗

HIPAA · BAA

On request

Request ↗

B · Verifiable AI

Live receipts. Falsifiable in seconds.

Every step ARIA takes — classify, retrieve, draft, send — emits a hash-chained receipt. The chain is published. Your auditors verify with a single API call. We can't hide a thing, and we don't try to.

Receipts API docs ↗

LIVE · receipt stream · trust.simplification.io/feedlast 60s · 47 events

rcpt_e4e624ac…route→ flow.escalate_safety16ms

rcpt_10932a69…cite2/2 grounded · faq.shipping29ms

rcpt_12d93026…policyGDPR Art 22 · pass42ms

rcpt_151e35e3…sendwhatsapp · sa••@kismetlabs.io55ms

rcpt_17633ba0…classifySUPPORT · 0.9168ms

rcpt_19a8415d…route→ flow.escalate_safety81ms

rcpt_1bee471a…cite3/3 grounded · orders.k42914ms

rcpt_1e334cd7…policyArt 13(b) · attached17ms

rcpt_20785294…sendtelegram · @yusu…30ms

rcpt_22be5851…classifySUPPORT · 0.9143ms

rcpt_25035e0e…route→ flow.escalate_safety56ms

rcpt_274863cb…cite4/4 grounded · policy.refund-eu69ms

rcpt_298e6988…policyretention 90d · ok82ms

rcpt_2bd36f45…sendweb · session 7f2…5ms

chain head 0xA8F24F2D…Merkle root rotated every 60s · published to S3

Try it · falsify a receipt

Pick any receipt above. Run our verifier. Not ours — yours.

The receipts API is open. Pull any ID from the live feed and pass it to /v1/verify. We'll show you the source documents, the hash chain, and the exact prompt — or admit we can't.

# run from your terminal — no auth needed
$ curl -X POST trust.simplification.io/v1/verify \
    -H "Content-Type: application/json" \
    -d '{ "receipt_id": "rcpt_a8f2…d104" }'

~ 240 ms

Verified · receipt is genuine

chain ok · linked to head

signatures 3/3 valid

sources 4/4 hash-match

article 13(b) attached

prompt immutable since send

latency 184 ms p95

C · Audit playground

Pick a real decision. We'll show you exactly how ARIA made it.

Sample data from a public e-commerce sandbox. Your auditors and DPO get the same view, scoped to your workspace, with PII unblurred under access controls.

Inbound · WhatsApp

"Hi, I ordered shoes 11 days ago, they don't fit. I see your policy says 14 days for returns — please refund."

From sa••@kismetlabs.io · workspace kismet-eu · Apr 28, 14:02 CET

ARIA's reply · sent verbatim

Hi Sara — yes, our EU return window is 14 days from delivery 1 policy.refund-eu. Your order shipped Apr 17, so you're within window 2 orders.k4291. I've started the refund — €120 back to the card ending ••24 within 5 business days 3 stripe.r_8a9.

3/3 sentences grounded

Trace · receipt rcpt_a8f2…d104

12-step decision · click any step to inspect

Channel parse whatsapp · text

2 ms

Language detect → es-419 → en

8 ms

PII scrub email · card last4

4 ms

2 fields

Embed query text-emb-3-large

31 ms

cached

Retrieve KB policy · orders · stripe

46 ms

3 hits

Classify intent refund_request

18 ms

0.93

Brand voice apply kismet-warm-en

2 ms

Draft reply haiku-4.5

71 ms

3 cites

Citation check 3/3 sentences grounded

12 ms

verified

Tone audit warmth · directness

9 ms

pass

Policy gate EU AI Act 13(b)

3 ms

art13 ✓

Sign-off receipt rcpt_a8f2…d104

1 ms

signed

Article 13(b) explanation attached

PDF · 4 pages · auditor-ready · receipt a8f2…d104

Download

D · Data & encryption

Where your data lives. Who can touch it.

Single-tenant Postgres per workspace. Customer data never leaves the EU unless you explicitly opt in. We don't train on your data. Ever.

Sub-processors

14 active · all DPA'd

Last updated Apr 28

Supabase · primary database

DB · row-level isolationEU · Frankfurt

AWS · compute & object storage

Workers · S3EU · Frankfurt

Cloudflare · edge / WAF / R2

Edge · DDoSEU · global

Anthropic · primary LLM

Inference · BYOKEU · Paris

OpenAI · embeddings

Vector · BYOKUS · opt-in

Twilio · WhatsApp / SMS

MessagingEU · Dublin

Stripe · billing only

No PII sharedUS · anon.

Drata · audit evidence

SOC 2 / ISOinternal

Encryption

In transit and at rest, end-to-end.

TLS 1.3 for every public endpoint
HSTS preload · HTTP/3 · forward secrecy
tls13
AES-256-GCM at rest
Per-tenant DEKs wrapped with KMS · keys rotated quarterly
aes-256
BYOK for LLM providers
Bring your Anthropic / OpenAI key — we never touch it
byok
Receipt signing · ed25519
Each receipt signed before leaving the worker · public key rotated yearly
ed25519

Data residency

EU-hosted by default. US opt-in only.

FRA + DUB · default

US · iad · opt-in

RPO < 60s · RTO < 15m

Backups 35d encrypted

E · Status & reliability

90 days of uptime. Every wobble, in writing.

Public status page. Postmortems within 5 business days. Live receipts so you can verify on your own. Currently serving API v1.9.8.4 · all dependency checks green.

status.simplification.io ↗

Components · last 90 days

All systems operational

Inbox · message ingest

Establishing

ARIA core · classifier & reply

Establishing

Receipts feed · /v1/verify

Establishing

Connectors · Shopify · WhatsApp · Stripe

Establishing

Dashboard & auth

Establishing

Recent incidents

3 in the last 90 days · 0 with data impact

Resolved · minorApr 22 · 14:08 → 14:31 UTC · 23m

WhatsApp connector · elevated message lag

Twilio rate-limit changes caused queue depth to spike. Failover to backup pool restored normal lag in 23m. 0 messages lost. Postmortem published.

Resolved · degradedMar 11 · 09:42 → 10:14 UTC · 32m

Dashboard slow on EU edge

Cloudflare worker memory leak in chart endpoint. Receipts & replies unaffected. Patch deployed; canary now catches this class of regression.

Resolved · informationalFeb 04 · 02:00 → 02:18 UTC · maintenance

Scheduled DB version upgrade · zero downtime

Postgres 16.2 → 16.4. Read replica swap; no requests dropped.

F · Procurement pack

Everything your security & legal team need.

Most asks are public. Sensitive evidence is one NDA away — auto-generated & signed in < 2 minutes via DocuSign.

SOC 2 Type II report

Mar 2026 · 84 pp · NDA required

Pen test summary

Cure53 · Q1 2026 · public

DPA template

Auto-fill · DocuSign · < 2 min

Sub-processor list (CSV)

Live · subscribe to changes

Stop trusting AI on faith. Start verifying it.

Talk to our team about a sandbox tenant — bring your own KB, your own auditors, and try to break a receipt. We'll buy the team coffee if you do.

Book a security review Read the receipts spec ↗