{"schema":"https://trust.sigmashake.com/schemas/compliance-manifest.v1.json","schema_version":"1.0.0","manifest_version":"2026.05.13","generated_at":"2026-05-26T06:31:58.053Z","organization":{"legal_name":"SigmaShake Inc.","website":"https://sigmashake.com","trust_center":"https://trust.sigmashake.com","security_program":"https://security.sigmashake.com","contact":"security@sigmashake.com","jurisdictions":["United States (Delaware)"]},"attestation_levels":{"self_assessed":"Internal review; no external party has verified the claim.","internally_audited":"Evidence collected on schedule by sigmashake-compliance; Ed25519-signed; daily Merkle root anchored into public transparency log.","third_party_audited":"Independent external auditor (CPA firm) has reviewed evidence and issued a report.","automated":"Continuous automated collection without signing.","cryptographically_attested":"Same as internally_audited plus signed bundle downloadable from the compliance worker."},"verification":{"public_key_url":"https://compliance.sigmashake.com/.well-known/compliance-pubkey","verify_endpoint":"https://compliance.sigmashake.com/api/v1/verify","signature_algorithm":"Ed25519","content_hash_algorithm":"SHA-256","transparency_log":"https://hub.sigmashake.com/transparency","sub_processors_feed":"https://compliance.sigmashake.com/api/v1/sub-processors.json"},"frameworks":[{"id":"SOC2","name":"SOC 2 Type II","version":"2017 TSC (rev. 2022)","scope":"Security, Availability, Confidentiality, Processing Integrity","status":"observation_window_open","observation_window":{"start":"2026-05-18","end":"2026-11-17"},"report_target_date":"2026-12-31","attestation_level":"internally_audited","target_attestation_level":"third_party_audited","controls_total":43,"controls_implemented":43,"evidence_url":"https://trust.sigmashake.com/compliance/soc2","nda_required_for_full_report":true},{"id":"ISO27001","name":"ISO/IEC 27001:2022","version":"2022","scope":"Information Security Management System (ISMS)","status":"mapped","attestation_level":"self_assessed","target_attestation_level":"third_party_audited","controls_total":93,"controls_implemented":93,"evidence_url":"https://compliance.sigmashake.com/compliance/iso27001"},{"id":"GDPR","name":"EU General Data Protection Regulation","version":"Reg. (EU) 2016/679","scope":"Data protection — controllers and processors","status":"compliant","attestation_level":"internally_audited","controls_total":31,"controls_implemented":31,"articles_applicable":25,"articles_not_applicable":["Art. 8","Art. 9","Art. 10","Art. 22","Art. 26","Art. 37"],"articles_mapped":["Art. 5","Art. 6","Art. 7","Art. 8","Art. 9","Art. 10","Art. 12","Art. 13","Art. 14","Art. 15","Art. 16","Art. 17","Art. 18","Art. 19","Art. 20","Art. 21","Art. 22","Art. 24","Art. 25","Art. 26","Art. 27","Art. 28","Art. 30","Art. 32","Art. 33","Art. 34","Art. 35","Art. 37","Art. 44","Art. 45","Art. 46"],"evidence_url":"https://trust.sigmashake.com/compliance/gdpr","dsr_endpoint":"https://compliance.sigmashake.com/api/v1/dsr","breach_notification_sla_hours":72,"downstream_breach_notification_sla_days":14},{"id":"UK-GDPR","name":"UK GDPR + Data Protection Act 2018","scope":"Data protection — UK","status":"compliant","attestation_level":"internally_audited","transfer_mechanism":"UK IDTA / UK Addendum to SCCs","evidence_url":"https://trust.sigmashake.com/compliance/gdpr"},{"id":"CH-FADP","name":"Swiss Federal Act on Data Protection (revFADP)","version":"effective 2023-09-01","scope":"Data protection — Switzerland","status":"compliant","attestation_level":"internally_audited","evidence_url":"https://trust.sigmashake.com/compliance/gdpr"},{"id":"CCPA","name":"California Consumer Privacy Act / CPRA","version":"CPRA-amended (2023)","scope":"Data protection — California residents","status":"compliant","attestation_level":"self_assessed","evidence_url":"https://trust.sigmashake.com/compliance/ccpa"}],"control_categories":[{"id":"identity_access","name":"Identity & Access","controls":6,"attestation_level":"internally_audited"},{"id":"cryptography","name":"Cryptography","controls":4,"attestation_level":"internally_audited"},{"id":"data_protection","name":"Data Protection","controls":5,"attestation_level":"internally_audited"},{"id":"application_hardening","name":"Application Hardening","controls":4,"attestation_level":"automated"},{"id":"data_subject_rights","name":"Data-Subject Rights & Transparency","controls":4,"attestation_level":"cryptographically_attested"},{"id":"logging_monitoring","name":"Logging & Monitoring","controls":3,"attestation_level":"automated"},{"id":"vendor_management","name":"Vendor / Sub-Processor Management","controls":2,"attestation_level":"cryptographically_attested"},{"id":"incident_response","name":"Incident Response & Breach Notification","controls":3,"attestation_level":"internally_audited"}],"automated_collectors":{"count":68,"cadences":["daily 06:17 UTC","weekly Mon 07:23 UTC","monthly 1st 08:33 UTC","quarterly Jan/Apr/Jul/Oct 1st 09:43 UTC"],"signing_algorithm":"Ed25519","content_hash_algorithm":"SHA-256","merkle_root_cadence":"daily","transparency_anchor":"https://hub.sigmashake.com/transparency","retention":{"storage":"Cloudflare R2 with Object Lock","retention_days":90}},"public_endpoints":{"compliance_manifest":"https://trust.sigmashake.com/.well-known/compliance.json","compliance_summary_markdown":"https://trust.sigmashake.com/llms.txt","compliance_summary_full_markdown":"https://trust.sigmashake.com/llms-full.txt","security_txt":"https://trust.sigmashake.com/.well-known/security.txt","sitemap":"https://trust.sigmashake.com/sitemap.xml","dsr_intake":"https://compliance.sigmashake.com/api/v1/dsr","sub_processors":"https://compliance.sigmashake.com/api/v1/sub-processors.json","compliance_pubkey":"https://compliance.sigmashake.com/.well-known/compliance-pubkey","verify_signature":"https://compliance.sigmashake.com/api/v1/verify","vulnerability_report":"https://trust.sigmashake.com/vulnerability-report"},"privately_available":{"controls_evidence_report":{"url":"https://trust.sigmashake.com/report?type=controls","requires":"mutual_nda"},"penetration_test_report":{"url":"https://trust.sigmashake.com/report?type=pentest","requires":"mutual_nda"},"soc2_readiness_report":{"url":"https://trust.sigmashake.com/report?type=soc2","requires":"mutual_nda"}},"policies":{"privacy_policy":"https://docs.sigmashake.com/policies/privacy-policy","terms_of_use":"https://docs.sigmashake.com/policies/terms-of-use","data_processing_agreement":"https://docs.sigmashake.com/policies/data-processing-agreement/","international_transfers":"https://docs.sigmashake.com/policies/data-processing-agreement/#8-international-data-transfers"}}