{
  "name": "Super Carl Trust Center",
  "url": "https://trust.supercarl.ai/",
  "organization": {
    "name": "Super Carl",
    "url": "https://supercarl.ai",
    "security_contact": "security@supercarl.ai",
    "support_url": "https://supercarl.ai/support"
  },
  "assessment_status": [
    {
      "name": "CASA / TAC Security Assessment",
      "status": "certified",
      "scope": "assessed application scope",
      "image": "https://trust.supercarl.ai/assets/trust-marks/cert-casa.svg"
    },
    {
      "name": "Encryption at Rest",
      "status": "implemented",
      "image": "https://trust.supercarl.ai/assets/trust-marks/cert-encryption.svg"
    },
    {
      "name": "Transport Security",
      "status": "implemented",
      "image": "https://trust.supercarl.ai/assets/trust-marks/cert-transport.svg"
    },
    {
      "name": "Security Contact",
      "status": "monitored",
      "image": "https://trust.supercarl.ai/assets/trust-marks/cert-security-contact.svg"
    }
  ],
  "public_links": {
    "home": "https://supercarl.ai/",
    "privacy_policy": "https://supercarl.ai/privacy",
    "terms_of_service": "https://supercarl.ai/terms",
    "ai_processors": "https://supercarl.ai/ai-processors",
    "security_txt": "https://trust.supercarl.ai/.well-known/security.txt",
    "llms_txt": "https://trust.supercarl.ai/llms.txt",
    "markdown_summary": "https://trust.supercarl.ai/trust-center.md",
    "encrypted_document_manifest": "https://trust.supercarl.ai/secure-docs/manifest.json"
  },
  "unlock_key_support": {
    "status": "supported",
    "delivery": "Approved recipients can receive an unlock key or URL fragment out-of-band.",
    "security_note": "Private documents are encrypted as static JSON packages. The unlock key is not included in the public bundle."
  },
  "requestable_documents": [
    "CASA / TAC SAQ Assessment Summary",
    "Data Breach Incident Response Policy",
    "Security Incident Response Policy",
    "Data Processing Addendum",
    "Web Application Security Testing Report",
    "Infrastructure Architecture and Data Flow",
    "Access Control Policy",
    "Information Security Policy",
    "Secure Development Policy",
    "Business Continuity and Disaster Recovery Plan",
    "Third-Party Management Policy",
    "Risk Management Policy",
    "Data Retention and Deletion Policy"
  ],
  "controls": [
    "Access Control",
    "Authentication and Sessions",
    "Data Protection",
    "Uploaded and Fetched Media",
    "Secure Development",
    "AI Data Use",
    "Third-Party Risk",
    "Incident Response",
    "Availability and Recovery",
    "Privacy and Data Rights",
    "Cloud Security",
    "Trust Updates"
  ],
  "subprocessors": [
    { "name": "Amazon Web Services", "purpose": "Cloud infrastructure hosting", "location": "United States", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-aws.svg" },
    { "name": "Google / Firebase", "purpose": "Authentication, integrations, push notifications, and workspace APIs", "location": "United States / global", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-google-firebase.svg" },
    { "name": "OpenAI", "purpose": "AI model provider", "location": "United States", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-openai.svg" },
    { "name": "Twilio SendGrid", "purpose": "Transactional email delivery", "location": "United States", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-sendgrid.svg" },
    { "name": "Twilio", "purpose": "SMS delivery and phone verification", "location": "United States", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-twilio.svg" },
    { "name": "Stripe", "purpose": "Payments and subscription management", "location": "United States", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-stripe.svg" },
    { "name": "Apple", "purpose": "Sign in with Apple and in-app purchase services", "location": "United States / global", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-apple.svg" },
    { "name": "LinkedIn", "purpose": "User-authorized social and professional graph integrations", "location": "United States / global", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-linkedin.svg" },
    { "name": "X", "purpose": "User-authorized social integration", "location": "United States / global", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-x.svg" },
    { "name": "Coresignal", "purpose": "Professional profile and company data enrichment", "location": "United States / European Union", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-coresignal.png" },
    { "name": "Hunter", "purpose": "Business contact enrichment", "location": "United States / European Union", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-hunter.png" },
    { "name": "MaxMind", "purpose": "IP-based location inference", "location": "United States", "logo": "https://trust.supercarl.ai/assets/trust-marks/provider-maxmind.png" }
  ],
  "private_document_policy": "Private evidence documents are not embedded in the public static bundle. Access requests are reviewed before release."
}