The receipts. Every topic, one page.
Garde1 protects scope, SSP drafts, and connector-derived posture — and never CUI. Below is the full trust surface: architecture, the assessor packet, and the deeper dives security reviewers ask for. No marketing layer.
Zero trust. Least privilege. Privacy by design.
The five-stage control architecture — edge, identity, tenancy, data, trail — built on FedRAMP Moderate-authorized AWS services.
Compliance packetThe assessor packet, line by line.
Customer Responsibility Matrix, SSP boilerplate, and the §170.19 framing that explains where Garde1 sits in your assessment.
No-CUIWhy Garde1 doesn’t hold CUI.
Architecture and policy guarantees that keep CUI out of the commercial platform — written for assessors and prime-contractor security reviews.
AI data useZero retention. Not used for training.
Which model providers Garde1 uses, what data they see, what they can’t see, and the contractual terms that keep your evidence out of model-training corpora.
SubprocessorsEvery third party with access, named.
The complete list of subprocessors, what each one processes on Garde1’s behalf, and where they sit in the data flow. Updated when it changes.
Connector scopesRead-only by default. Write only on request.
The exact OAuth scope each vendor connector requests, why it’s needed, and which workflows escalate to write access — with per-user, per-workflow consent.
Real-time platform status is published at status.garde1.com. Found something? Use the responsible-disclosure form on the security page.