参考訳
このドキュメントの繁体字中国語版は、便宜のために提供されています。英語版が正式な文書であり、矛盾がある場合には英語版が優先されます。質問がありますか?お願いします お問い合わせ。
Security and compliance, trace each claim to its source.
Every control, sub-processor, and admin console is enumerated below with a pointer to the runbook or code path that backs it. The full evidence pack is available under NDA via email-verified access.
What we mean when we say “trustworthy”
Trust isn't a logo on a marketing page — it's a list of structural decisions an auditor can verify in code. The six pillars below are how we've built Factory Labs to survive the questions on the standard SOC 2 / CAIQ-Lite / SIG-Lite questionnaires without needing to invent answers.
Schema-per-tenant isolation
Every organization gets its own Postgres schema (`org_<slug>`). Cross-tenant access is impossible by construction — every query runs through `withTenant()` which sets `search_path` to the calling org. Audited by a regression test that confirms a tenant A request is rejected when authenticated as tenant B.
src/lib/db/tenant.ts, src/__tests__/cross-tenant/
Encrypt at rest, in transit, and at the per-record layer
TLS 1.3 only on the wire (1.0/1.1 rejected at handshake). Neon-native AES-256-GCM at rest. Per-tenant DEK with AES-256-GCM HKDF-SHA-512 wrap for OAuth tokens, API keys, and webhook secrets — leaked DB rows are useless without the per-tenant key.
next.config.ts, src/lib/db/crypto.ts, src/lib/integrations/crypto.ts
MFA enforced across administrative consoles; quarterly reverification program in progress
Vercel, Neon, GitHub, Twilio, Resend, Anthropic, OpenAI, Deepgram, Databricks, Stripe, registrar — MFA is enforced (TOTP or hardware key) on every door into tenant data. End-user MFA enforced by the upstream IdP (Google Workspace / Entra / GitHub). Quarterly reverification of all admin-console attestations is in progress.
docs/trust/identity-mfa-attestation.md
Zero training on tenant prompts
Anthropic Claude, OpenAI GPT, Deepgram STT — every LLM/STT call is made with the provider's zero-data-retention contract enabled. No prompt or transcript is stored beyond the 30-day abuse-detection window. Contractually enforced via enterprise terms.
Provider enterprise contracts (request via security@)
All sub-processors enumerated under Article 28 GDPR
Every third party that stores, processes, or transmits tenant data is listed with purpose, region, and compliance posture. 30-day advance email notification for changes (Enterprise tier). No silent vendor swaps.
docs/trust/sub-processors.md
Audit trail of every privileged action
Super-admin actions, impersonation events, integration changes, and gated evidence-pack downloads each write an append-only log row with actor email, IP, user agent, and target. Never deleted; queryable by tenant DPO via security@.
src/lib/db/schema.ts (audit_log, super_admin_audit_log, trust_access_log)
Get the full evidence pack
The pack contains everything on this page plus the operational runbooks (incident response, secret rotation, tenant offboarding) and the latest pentest report. Released to you under mutual NDA; each PDF is watermarked with your email and download timestamp.
- SOC 2 controls catalog (CC1–CC9, A1, C1, P)
- Sub-processor inventory (Article 28 GDPR)
- Identity & MFA attestation (15 consoles)
- Operational runbooks
- Latest pentest report
Allowlisted customer / partner domains are auto-approved on email verification.
- 1. Submit your work email + intended use.
- 2. Get a 6-digit code in your inbox.
- 3. View tabs + download watermarked PDFs.