MEOK.AI
Sign inStart Free
Features
Pricing
Blog
About
🚀 Activate your agent

Free forever · No credit card

Trust Center · MEOK AI Labs

Trust, plainly stated.

We sell signed compliance attestations to companies that get audited. That means our own posture has to be auditable too. Every claim on this page is verifiable, dated, and accountable to a single named operator: Nicholas Templeman, founder, CSOAI LTD (UK Companies House 16939677).

Live signed attestations

MEOK signs its own compliance certificates with the same HMAC API customers buy. Every certificate has a verify_url any auditor can curl independently.

EU AI Act
Self-attested · auditor-verifiable
MEOK-EUAIAC-MAIN

Articles 4, 6, 9, 10, 14, 26(9), 43, 50, 72 — full crosswalk.

DORA (Reg 2022/2554)
Self-attested · auditor-verifiable
MEOK-DORA-MAIN

Operational resilience for financial entities + ICT third-party risk.

NIS2 / NIS2-UmsuCG
Self-attested · auditor-verifiable
MEOK-NIS2-MAIN

EU + Germany BSI register + Section 30 / 32 entity classification.

EU CRA (Reg 2024/2847)
Self-attested · auditor-verifiable
MEOK-CRA-MAIN

Annex IV technical documentation + 24h ENISA reporting (live 11 Sep 2026).

GDPR
Self-attested · DPIA template + Article 30 records
MEOK-GDPR-MAIN

EDPB harmonised DPIA template (14 Apr 2026) wired.

ISO/IEC 42001
Crosswalk shipped · external audit pending
MEOK-ISO42001-MAIN

AI management system controls cross-mapped to EU AI Act articles.

Security practices

  • All HMAC-signed attestations use SHA-256 with a server-side key never exposed to clients.
  • Stripe webhook signatures verified on every event — fail-loud if signature header missing.
  • API rate limiting: 120 req/min per IP, applied at middleware before any handler.
  • No PII stored beyond email + entity name in lead-capture flow; certs purge after 365 days.
  • All 234 PyPI packages signed at upload time; sigstore / SBOM roadmap Q3 2026.
  • Founder is sole technical operator; access to production is single-key + audit-logged.
  • Source code public on GitHub (CSOAI-ORG); third-party security review welcomed.
  • Open-source AGPLv3 / MIT licensing on MCP packages; commercial features licensed separately.

Sub-processors

The current vendors that process customer data on our behalf. We notify customers of material changes via email + this page.

VENDOR
PURPOSE
REGION
DPA
Vercel Inc.
Application hosting + edge CDN
EU + US (multi-region)
Stripe Inc.
Payment processing
EU + US
Anthropic PBC
LLM inference (when configured)
US (zero data retention on API)
Cloudflare Inc.
DNS + DDoS protection (Cloudflare-fronted MCPs only)
Global
Namecheap PrivateEmail
Business email (nicholas@csoai.org)
EU + US
GitHub Inc. (Microsoft)
Source code hosting + CI
Global
PyPI (Python Software Foundation)
Package distribution (234 MCPs)
Global

Policies + verifiers

Privacy Policy
GDPR-aligned, EU + UK + Swiss data handling, retention, rights.
Terms of Service
Commercial terms for paid tiers + free-tier signed attestations.
Security Statement
Encryption, key handling, incident response, access controls.
Sub-processors
Full list of vendors that may process personal data on our behalf.
Verifier
Independent cryptographic verification of any signed MEOK certificate.
Catalogue
All 234 published MCP packages + verify URLs.

Reporting a security issue

Found a vulnerability or compliance concern? Email security@csoai.org (mirrors to nicholas@csoai.org). 24-hour acknowledgement, 72-hour triage. We do not run a paid bug bounty yet but credit researchers in the next monthly trust update.

Last reviewed 27 April 2026. Material changes notified via email to active customers.
MEOK AI Labs is a trading name of CSOAI LTD · UK Companies House 16939677 · Registered England & Wales