Transparency Report

An honest accounting of security incidents, vulnerability disclosures, data requests, and our security testing program.

Reporting period: Platform launch through February 18, 2026

Security Incidents

0
Security incidents
0
Data breaches
0
Unauthorized access events

No security incidents have occurred since the platform's launch. If an incident occurs, it will be documented here with a timeline, impact assessment, and remediation steps.

We define "security incident" as any event that compromises the confidentiality, integrity, or availability of user data. Near-misses and detected attack attempts that were successfully blocked are not counted as incidents.

Vulnerability Disclosure Submissions

0
Reports received
0
Confirmed vulnerabilities
0
Resolved

No vulnerability reports have been received through our vulnerability disclosure program. We actively encourage security researchers to test and report findings.

Government & Law Enforcement Data Requests

0
Requests received
0
Data disclosed

No government, law enforcement, or regulatory body has requested user data. If we receive a valid legal request, we will comply with applicable law while protecting user rights to the maximum extent possible. We will notify affected users unless legally prohibited from doing so.

Governance & Attestation Documents

The following governance documents are available on request for enterprise procurement teams and security reviewers:

  • Management Assertion (Bridge Letter) — AICPA-format management representation covering control design and operating effectiveness, with SOC 2 TSC control-to-evidence index
  • NIST SP 800-63 AAL Mapping — Formal mapping of authentication architecture to NIST Authenticator Assurance Levels (architectural self-assessment, not independently attested)
  • Quarterly Security Report — Formal quarterly metrics, control changes, risk register updates, access reviews, and vendor assessments
  • On-Call Coverage Schedule — Coverage hours, on-call rotation, response SLAs by severity and time period

Contact security@abundera.ai to request any of these documents.

Platform Availability

Platform availability is monitored every 60 seconds from multiple global locations.

View live status page →

View independent uptime report (UptimeRobot) →

Security Testing History

Our security testing program has grown continuously since the platform's inception.

Feb 2026 v6.0 — Current 908 pentest ·audit · 6,118 unit
Feb 2026 v5.0 780 pentest · 6,000 audit · 1,000 unit
Jan 2026 v4.0 620 pentest · 5,200 audit · 900 unit
Jan 2026 v3.0 450 pentest · 4,500 audit · 780 unit
Q4 2025 v2.0 280 pentest · 3,200 audit · 600 unit
Q4 2025 v1.0 — Initial 120 pentest · 2,400 audit · 450 unit

Security Roadmap

Dated milestones for independent validation and security maturity improvements.

Q2 2026 Independent penetration test (CREST-accredited) Vendor selected, contracting
Q2 2026 Pentest executive summary published Planned
Q3 2026 SOC 2 Type I audit engagement Planned
Q3 2026 Private bug bounty program launch Planned
Q2 2026 Cyber insurance policy binding Planned
Q4 2026 SOC 2 Type I report available under NDA Planned
Q4 2026 Customer audit chain verification script Planned
2027 SOC 2 Type II, annual red team, key management enhancements Planned

View full compliance roadmap →

← Back to Security Portal
← Back to Security
← Back to home