Current controls
The public trust page lists shipped controls and launch review items in plain language.
Trust and security
A clear launch posture with honest limits.
Yrka uses Supabase auth, organization scoping, RLS, role checks, private file storage, signed URLs, audit events, and documented operations runbooks.
Launch posture
Trust and readiness
Trust copy describes shipped controls and owner-required launch evidence without overclaiming certifications.
Asset slot
Trust page and security controls checklist
Capture trust/legal page and controls checklist only after final legal review.
What is ready now
These points describe shipped product behavior or explicitly scoped setup readiness. Final screenshots and recordings will be captured from the product after demo data is frozen.
Private employee document bucket with short-lived signed URLs
Service-role use limited to server-side routes and controlled scripts
No SOC 2, HIPAA, payroll processor, tax filing, or uptime SLA claim at launch
Customer responsibilities
Customers remain responsible for their own employment, legal, payroll, tax, notices, and compliance obligations.
Included scope
- Supabase auth
- Organization scoping
- RLS
- Role checks
- Private file storage
- Signed URLs
- Audit events
- Operations runbooks
Not included
- SOC 2 report
- ISO 27001 certification
- HIPAA compliance
- Payroll processor status
- Formal uptime SLA
Asset source tracking
Product imagery is published only after the capture source, demo organization, viewport, data set, and refresh trigger are recorded.
- Route
- /trust-security
- Surface
- Trust page and security controls checklist
- Organization
- Approved demo organization after final seed reset
- Viewport
- Desktop 1440x1024 and mobile 390x844
- Data set
- Synthetic approved demo data only
- Refresh date
- Pending final product capture
- Refresh trigger
- Refresh after material UI, legal copy, seed data, data model, or route changes
Buyer FAQ
These answers keep trial, support, export, provider, AI, mobile, and trust expectations consistent across the public site.
Does Yrka claim SOC 2, ISO 27001, or HIPAA?
No. Public trust copy lists shipped controls and final prelaunch evidence needs, but certifications and formal compliance claims are not claimed.
Can I start without a sales call?
The current path supports controlled trial activation. No-card demo tenants remain support-approved so capacity, provider setup, sensitive uploads, and data-retention expectations stay bounded.
What happens if we cancel?
Paid access normally ends at the end of the billing period, then the workspace enters a 30-day export/reactivation window unless a verified deletion request is completed earlier.
Does Yrka process payroll or file taxes?
No. Yrka supports timekeeping, payroll-prep exports, review, and provider handoff. Customers remain responsible for payroll processing, tax filing, legal, HR, and compliance decisions.
What mobile support is included?
Launch mobile support is responsive web/PWA-oriented. Employees get scoped offline read context and supported queued writes with visible sync states; native app-store apps and broad offline admin operation are not part of launch scope.