Eyelogs separates what can be used today from what requires implementation. We do not claim SOC 2, ISO 27001, HIPAA, PCI, or government certification unless a signed implementation produces that evidence.
Current vs roadmap
Buyer diligence matrix
Can use todayPublic product reviewProduct pages, workflow previews, local/static product workspaces, meeting forms with local fallback, and clear implementation conversations.Requires implementationEnterprise controlsProduction SSO, MFA, customer-specific RBAC, database isolation, backups, monitoring, audit retention, DPA terms, and deployment runbooks.Not supported as claimedCertification claimsNo unsupported SOC 2, ISO, HIPAA, PCI, certified payroll, certified GST filing, or official accounting-system replacement claims.
Trust routing
What buyers should request during scoping.
Security questionnaireRequest current architecture notes, hosting assumptions, data flow, access model, backup expectations, logging, incident contact, and third-party processor list.Implementation evidenceAsk for the controls that will be configured in your environment: tenant setup, roles, storage, audit export, monitoring, recovery, and acceptance tests.Data handlingConfirm whether production data, sample data, or imported exports will be used during pilot and who approves migration.Unsupported boundariesConfirm what Eyelogs is not acting as: certified auditor, statutory filing authority, payroll processor, or compliance certification body.
Open-source controls
We use open-source as building blocks, not hidden processors.
Allowed nowStatic UI and docsMIT/BSD/Apache-style UI, CSS, icons, docs, and diagram components can improve EyeLogs without sending buyer data to a third party.Requires ownerSelf-hosted backend toolsAnalytics, support inboxes, status monitors, auth, automation, and storage require a named operator, updates, backups, access control, and privacy wording.Blocked for nowSilent data movementNo unknown telemetry, public cloud widgets, payment/accounting copies, or automation connectors are added until data flow and licensing are reviewed.
HRM trust proof
Production HR/payroll data needs extra evidence.
IdentityMFA and invite/reset proofAdmins enroll authenticator MFA; users are invited or reset through controlled flows instead of shared passwords.Open HRM datasheetIsolationTenant-scoped recordsEmployees, candidates, payroll, documents, backups, support tickets, and audit logs remain scoped to the buyer tenant.RecoveryBackup and restore proofBuyers should see the backup job, restore drill, checksum/manifest, storage target, and owner before go-live.BoundaryNo blind statutory claimsPayroll filing, PF/ESI/PT/TDS treatment, and compliance exports require buyer accountant/payroll-owner validation.
Next step
Book a security review before production data enters any product.
We confirm hosting, tenant isolation, roles, backups, monitoring, audit exports, and unsupported certification boundaries for your rollout.