One page. Every document.

The contract between you and OOretz when you use the factory.

GDPR Art. 28 processor agreement. Includes sub-processor list and Standard Contractual Clauses module reference.

99.9% / 99.95% uptime are targets on planned Team / Enterprise tiers. No contracted SLA today. Hobby and Pro are best-effort. Public component status lives at /factory/status.

What data we collect, why, how long we keep it, and your rights to access or delete it.

How to report security vulnerabilities. In-scope, out-of-scope, ground rules, what we owe back.

Honest table of where we stand on 9 frameworks: SOC 2, HIPAA, GDPR, CCPA, ISO 27001, EU AI Act, NIST AI RMF, PCI-DSS, FedRAMP.

38-item engineering controls grid: encryption, access control, monitoring, key management, vendor risk, BCP.

Public ADRs in the Thoughtworks pattern. Shows how we made every technical trade-off and the consequences we live with.

RFC 9116 — discoverable contact for security researchers + policy link.

AI bot opt-in/out signaling per the emerging spawning.ai spec.

LLM discovery file per llmstxt.org — what we are, where the canonical pages live.

Structured product manifest with pricing, surfaces, compliance status, contact emails, legal links.