How we run Handshake.AI as a vendor: compliance roadmap, sub-processors, DPA on request, vulnerability disclosure, SLA, and pen-test policy. For evidence requests, security questionnaires, or anything not listed below, email info@handshake.ai.
We're building toward the audit and assurance posture regulated buyers need. The list below shows what we're working on and where each item stands today.
In progress, controls drafted, audit firm engaged
Observation period begins after the Type I report
Planned
Planned, sponsor engagement to follow
Vendors that may process customer data on our behalf. The list below shows the categories we operate in; the current named vendor list is available on request and we notify customers under contract before adding a new sub-processor.
Request the current named list: info@handshake.ai.
A standard DPA is available on request and is signed before any production rollout that processes personal data. Email info@handshake.ai with your entity name and we'll send the current draft.
Report security issues, including suspected vulnerabilities in the protocol, the SDKs, or our hosted services, to security@handshake.ai. We acknowledge within two business days, target initial triage within five, and will credit reporters in release notes by default unless you ask us not to. Please don't test against production tenants you don't own.
Hosted Registry availability target is 99.9% monthly for paid tiers, with credits issued against the affected month's fees. Receipt verification is offline by design and continues to function during Registry incidents, only DID document lookups and freshness checks against the Registry are affected. Full SLA terms are part of the master agreement and are shared alongside the DPA on request.
We engage a third-party firm for an annual penetration test against the hosted Registry and Console; the most recent executive summary is shared under NDA on request. Customers on Enterprise tiers may run their own coordinated penetration tests against a non-production tenant, contact security@handshake.ai to arrange scope and timing.
Signed: Handshake.AI · Last updated May 2026.
Looking for an active production rollout? Apply to be a design partner →