B2B TRUST PACKAGE · PRE-ISO READY

AdaptOrch Trust Center

A ten-document security, privacy, and operations package for customers who need evidence that AdaptOrch is prepared before formal ISO/ISMS certification work begins.

Documents: 10 public policies
Effective date: April 27, 2026
Maintainer: EGG Co., Ltd.
Security contact: ict03@rfems.com

DOC-SEC-001

Information Security Policy

How AdaptOrch protects customer data, API keys, orchestration metadata, and operational systems.

DOC-PRV-001

Privacy Policy

How AdaptOrch collects, uses, retains, and protects personal information for the SaaS website and application.

DOC-TOS-001

Terms of Service

Commercial and acceptable-use terms for using AdaptOrch SaaS and related APIs.

DOC-DRD-001

Data Retention and Deletion Policy

Retention windows, deletion triggers, export handling, and recovery limitations for AdaptOrch data.

DOC-KEY-001

API Key Management Policy

Lifecycle controls for creating, storing, using, rotating, revoking, and auditing AdaptOrch API keys.

DOC-BCP-001

Incident, Backup, and Recovery Policy

How AdaptOrch prepares for, detects, responds to, backs up, and recovers from service disruption or security incidents.

DOC-ACR-001

Access Control Register

A public summary of how AdaptOrch maintains role-based access records and reviews privileged access.

DOC-LLM-001

External LLM Provider Data Transfer Description

What data may be sent to external LLM providers when AdaptOrch routes tasks for inference or evaluation.

DOC-VDP-001

Vulnerability Disclosure Policy

Safe-harbor aligned rules for reporting suspected vulnerabilities in AdaptOrch public systems.

DOC-AUD-001

Operational Audit Log Policy

Which operational events AdaptOrch records, why they are retained, and how they support B2B trust reviews.