Trust

The honest version.

We won't claim certifications we don't hold. Here's what's actually true.

Llewellyn Systems Inc · audit status

What ODE Genie itself is certified for.

SOC2 Type II

Not yet certified

Roadmap target. We will not claim it until audited.

HIPAA

Not yet certified

No BAA offered yet. Required HIPAA workloads should wait.

GDPR

Aligned

Data export + deletion available on request to llewellyn@llewellynsystems.com.

CCPA

Aligned

California residents can request data export + deletion.

Infrastructure · inherited certifications

What the platform underneath is certified for.

Your data is encrypted at rest and in transit through the controls of these vendors. Their certifications protect what they handle. They do not certify Llewellyn Systems Inc itself.

Supabase

Database, auth, storage

◆SOC2 Type II
◆HIPAA (with add-on)

View trust portal →

Vercel

Application hosting, edge compute

◆SOC2 Type II
◆GDPR

View trust portal →

Stripe

Payments, billing

◆PCI DSS Level 1
◆SOC2 Type II

View trust portal →

Cloudflare

CDN, DNS, DDoS protection

◆SOC2 Type II
◆ISO 27001
◆PCI DSS

View trust portal →

Data handling

How we treat what you send us.

Residency

Supabase US-East by default. EU residency available on request.

Encryption

At rest (AES-256 via Supabase) and in transit (TLS 1.3 via Cloudflare + Vercel).

Training

We do not train models on your data. Genies use your data only to grant your wishes.

Export & deletion

Business plan: self-serve. Free / Pro: email llewellyn@llewellynsystems.com, 7-day SLA.

Questions?

Ask anything — we'll answer honestly.

Compliance, security, data handling, incident response — real questions get real answers.

llewellyn@llewellynsystems.com

Llewellyn Systems Inc · 2601 Blanding Ave, Ste C248, Alameda CA 94501 · EIN 41-3612271