Trust Center

Certifications & Frameworks

ISO/IEC 27001

Information Security Management

In progress

Information security management system covering organizational, people, physical, and technological controls.

Target: Q1 2027

ISO/IEC 27701

Privacy Information Management

In progress

Extension to ISO/IEC 27001 for privacy-specific controls, supporting GDPR and CCPA/CPRA alignment.

Target: Q1 2027

SOC 2

Trust Services Criteria

In progress

AICPA Trust Services Criteria for Security, Availability, Confidentiality, and Privacy.

Target: Type I Q3 2026, Type II Q2 2027

ISO/IEC 42001

AI Management System

In progress

Management system for organizations providing or using AI products and services.

Target: Q3 2027

NIST AI RMF 1.0 + Generative AI Profile

AI Risk Management

Adopted

NIST AI Risk Management Framework and Generative AI Profile adopted across our AI practice.

CCPA / CPRA

California Consumer Privacy Law

Compliant

California Consumer Privacy Act, as amended by the California Privacy Rights Act. Includes a documented Do Not Sell or Share process.

TAKE IT DOWN Act

U.S. Federal

Compliant

Compliance with the TAKE IT DOWN Act will be in effect from May 2026. Applies to any hosted BLKWV product that permits user-generated content.

Effective: 2026-05-01

Security

Controls are implemented across encryption, access control, vulnerability management, and incident response. Attack-surface detail is shared under NDA.

Encryption in transit (TLS 1.2+) and at rest (AES-256) for customer data.
Role-based access control with mandatory MFA; least-privilege reviewed quarterly.
Vulnerability management with scheduled scanning and time-bounded remediation SLAs.
24x7 incident response with documented severity tiers and customer notification windows.

Privacy

We comply with CCPA/CPRA. GDPR-readiness is available for customers with EU data subjects.

Read the full Privacy Policy·Do Not Sell or Share My Personal Information

Responsible AI

We follow NIST AI RMF 1.0 and the Generative AI Profile. Our controls include AI Impact Assessments, red-teaming, inference logging, and human oversight.

We will not claim ISO/IEC 42001 certification until a certificate has been issued.

Responsible AI policy →

Biometric Information Policy

Not applicable — BLKWV does not currently collect biometric identifiers. This section will be populated when the voice product enters general availability.

Subprocessors

Subprocessors that may process customer data on our behalf. Updated when a new subprocessor is engaged; customer notice follows the DPA.

Last updated: 2026-05-28

Name	Country	Purpose	DPA
Cloudflare, Inc.	United States	CDN, DNS, WAF, and edge delivery for blkwv.com	DPA
GitHub, Inc. (Microsoft)	United States	Source code hosting, container registry (GHCR), and CI/CD	DPA
OpenAI, L.L.C.	United States	LLM and AI model APIs. API data is not used for model training.	DPA
Anthropic, PBC	United States	LLM and AI model APIs (Claude). API data is not used for model training.	DPA
Deepgram, Inc.	United States	Speech-to-text and voice AI APIs.	DPA
xAI Corp.	United States	LLM and AI model APIs (Grok).	DPA
Intakera	United States	AI advisor / intake assistant on blkwv.com that processes messages submitted by site visitors.	DPA

Data Processing Addendum

Our DPA is GDPR-ready and CCPA-ready. Download the current template below; execution requires an MSA.

Template is being prepared by compliance. Request a copy via [email protected].

Vulnerability Disclosure

We accept coordinated vulnerability disclosures. We do not offer a paid bounty at this time.

Contact: [email protected]
Acknowledgement: within 48 hours
Triage: within 5 business days

Full disclosure policy →

Audit reports

BLKWV does not yet hold a SOC 2 or ISO certification. We are working toward them on the timeline shown above; reports will be available under NDA once an independent auditor issues them. Until then, we share our control documentation under NDA on request.

Request our control documentation →