fastpace trust portal
Evidence request

Get the artifact your auditor (or procurement team) needs

Self-serve flow for the most common asks. We respond within 5 business days; signed delivery to a verified contact at your organization. No SaaS account required.

What you can request

Attestation report

SOC 2 Type I (when complete), Type II, ISO 27001, ISO 42001 — see current status. Released under NDA.

Security questionnaire

Pre-answered CAIQ, SIG Core, SIG Lite, VSA, or your custom questionnaire. See all available.

Audit evidence pack

For your own org's auditor: a signed bundle from a fastpace install. Generated via fastpace snapshot --since YYYY-MM-DD: ADRs + audit log + run manifests + AI-BOMs + framework mapping + provenance trailers + (optional) red-team posture report. The evidence layer is vendor-neutral: the same guardrails + signed capture deploy to Claude Code, Codex, and Gemini CLI (one hook codebase, generated per vendor), so swapping the model won't move the paper trail.

Penetration test summary

Latest external pen test summary. Released under NDA. Full report on request after MNDA.

Custom data-flow diagram

Org-specific data-flow narrative for your runtime architecture (Bedrock / Azure OpenAI / Vertex / Anthropic-direct). We deliver a narrative + diagram tied to YOUR sub-processor list.

Request form

Fill in the form; submit goes to security@fastpace.net via your default mail client (no portal account required for the first cut). Encrypt the email with our PGP key for sensitive details.

Your default email client opens with a pre-filled message to security@fastpace.net. Adjust the message body before sending if you'd like — e.g. add the PGP key fingerprint, or attach an existing TPRM platform link.

What we don't do

We don't share your data with third parties

Evidence requests stay between fastpace and your security/procurement team. We do not publish your name, your org's name, or the artifact request to a public ledger.

We don't put fastpace internals in cleartext

Audit evidence packs from fastpace snapshot contain only sha256 digests of prompts, responses, and contexts — never plaintext. See the threat model for the full privacy stance.

Prefer email straight away? security@fastpace.net. Acknowledgement within 48 hours.