
Security · ReguShield AI

Security Statement

Version 1.0.0 · Effective 2026-06-28 · Published
Issued by ReguShield UAB, a private limited liability company (uždaroji akcinė bendrovė) incorporated in the Republic of Lithuania (EU), operator of the ReguShield AI platform. Maturity, where stated, is labelled Implemented (live today), Planned (in progress) or Roadmap (intended, not yet in place). This document is compliance decision-support documentation, not legal advice.

This Security Statement summarises the technical and organisational measures ReguShield UAB (the Republic of Lithuania) uses to protect customer data on the ReguShield AI platform. Maturity is labelled Implemented, Planned or Roadmap; nothing here claims a certification that has not been obtained.

1. Encryption

(Implemented) Data is encrypted in transit using TLS 1.3 and at rest using AES-256, provided through our managed EU cloud infrastructure.

2. Access Control & Tenant Isolation

(Implemented) Authentication is provided by Supabase Auth. Every workspace is isolated by PostgreSQL row-level security keyed to the workspace owner's verified email, with role-based access control for members and server-side-only handling of secrets.

3. Auditing

(Implemented) Compliance-relevant actions and agreement acceptances are recorded in append-only audit trails; the governance acceptance audit is immutable by construction and retained as a permanent record.

4. Hosting & Data Residency

(Implemented) Customer workspace data is hosted in the European Union (Supabase managed PostgreSQL, EU region) with application delivery via Vercel. Sub-processors are listed in the Trust Center.

5. Resilience & Operations

(Implemented) Managed database backups are provided by our infrastructure provider. (Planned) A formal business-continuity and disaster-recovery plan, with tested recovery objectives, is being documented.

6. Assurance & Certifications

ReguShield UAB is NOT currently certified to ISO/IEC 27001, ISO/IEC 27701 or SOC 2 — these are Roadmap items, not present claims. (Planned/Roadmap) An independent penetration test and a formal information-security management programme are planned; their status will be updated in the Trust Center as work progresses.

7. DORA Operational Resilience

(Planned) ReguShield is mapping its ICT risk-management posture to the Digital Operational Resilience Act (DORA), including incident handling and third-party (sub-processor) risk management, reflecting its role as a technology provider to regulated entities.

8. Vulnerability Disclosure

(Implemented) We operate coordinated disclosure. Report a suspected vulnerability to security@regushield.ai; we aim to acknowledge within 72 hours.

Governing Law & Jurisdiction

This agreement is governed by the laws of the Republic of Lithuania and the directly applicable law of the European Union, without prejudice to mandatory consumer or data-protection rights available to the Customer in the Customer's jurisdiction. The courts of the Republic of Lithuania have jurisdiction, subject to any mandatory rule conferring jurisdiction elsewhere.

Document Control

Agreement ID RS-AGR-SECURI-933451E2F7F7 · Version 1.0.0 · Effective 2026-06-28 · Reference PUBLISHED. Issued by ReguShield UAB (hello@regushield.ai). This document is compliance decision-support documentation and is not legal advice; obtain qualified advice before reliance.
