Trust Center
One place for our certifications, security controls, and compliance documentation. Independently verified where possible, transparent everywhere else.
Figures from our compliance platform (Tidal Control), as of 2026-06-12.
Verify our ISO 27001 certificate yourself, no NDA required
Our certificate is listed in the public register of Kiwa, an RvA-accredited certification body. Certificate number K-0229199/1, valid from 13 May 2026 until 12 May 2029. Scope: development, management and support of the AI platform for law firms in Europe.
Frameworks & independent assurance
ISO 27001:2022
Certified by Kiwa. Annual surveillance audits.
CertifiedGDPR
Managed as an active framework in our ISMS, with a data processing agreement for every customer.
Active frameworkPenetration testing & responsible disclosure
Annual independent penetration tests by NCC Group (Fox-IT), management summary available under NDA. Complemented by an ongoing open responsible disclosure programme: vulnerabilities can be reported at any time via security@andri.ai.
Annual + ongoingISO 42001
AI Management System: certification track in progress.
In certificationDocumentation
Publicly available
- Security Policy (downloadable as PDF with SHA-256 verification)
- Terms of Service (downloadable as PDF with SHA-256 verification)
- Privacy Policy, Data Policy and Data Transfers
- Current sub-processor list (changes announced 30 days in advance)
- ISO 27001 certificate in the Kiwa register
Available under NDA
- NCC Group (Fox-IT) penetration test management summary
- Data processing agreement template and sub-processor register
- Tenant isolation architecture document
- Internal EU AI Act classification memo (limited risk)
Request via info@andri.ai. We respond to security questionnaires at no additional cost.
Security questions?
Report a security incident or vulnerability, or ask a due diligence question: