SOC 2-aligned AI development for US SaaS in enterprise sales.

We will be honest about this because the market is not. Aiinfox does not currently hold a SOC 2 Type II report as an organization. What we provide is engagement-level alignment: the controls applied to your build are SOC 2-aligned and mapped to the Trust Services Criteria your auditor cares about — CC6 (logical access), CC7 (system operations), A1 (availability), C1 (confidentiality), and PI1 (processing integrity) where customer data routes through the model. Your CISO can drop our work into your existing Type II scope without re-engineering the posture. If your procurement contract requires a vendor with their own Type II report, we will tell you on the first call and recommend a vendor who has one — wasting your timeline on a posture we cannot meet is not in either of our interests.

The MSA covers IP assignment (your code, your IP), limitation of liability, indemnification, confidentiality, data handling and subprocessor obligations, audit rights, and the 30-day production warranty. The SOW covers scope, acceptance criteria, six-week timeline, USD fixed price, and the specific Trust Services Criteria the engagement is aligned to. Both are signed before any code is written or customer data is shared. We work from your template or provide ours. For engagements that touch PHI we layer a BAA on top; for engagements that touch EU personal data we layer a DPA with SCCs. We do not start sprint zero on a handshake.

Inside your AWS, Azure, or GCP account by default, in a US region you specify — us-east-1 (N. Virginia), us-west-2 (Oregon), or any region your existing Type II boundary covers. For inference, you have three options. One: managed LLMs pinned to a US region — Anthropic Claude via AWS Bedrock with US-region endpoints, OpenAI via Azure OpenAI Service with US-region endpoints. Two: self-hosted Llama 3 or 3.1 on vLLM inside your VPC with autoscaling GPU groups — zero third-party LLM exposure, full control of logging and retention. Three: hybrid — non-customer-data prompts route to managed LLMs, customer-data-bearing prompts route to self-hosted Llama. We do not silently introduce a new subprocessor your enterprise customers have not approved.

Every model call, tool call, retrieval, and refusal is logged with: request ID, operator identity (mapped to your IdP and tied to a Trust Services Criteria CC6 control), prompt version hash, input (with PII tags), output, retrieval sources, refusal reason where applicable, latency, cost, and timestamp. Logs are written to your chosen sink — CloudWatch, Datadog, Splunk, S3 with object-lock for tamper-evidence — inside your account. We do not retain copies on our side. The log schema is built so your auditor's evidence request reads like a SQL query against a single table, not a screenshot exercise across five dashboards. We provide an evidence catalog mapped to your Trust Services Criteria in the runbook handover.

Yes — Type II-aware takeovers are routine. Step one is a data-flow audit: where does customer data actually touch storage, inference, and logging, and which of those endpoints is inside your existing audit boundary versus a new uncovered subprocessor? Step two is reading the code, prompts, evals (if any), refusal layer, and audit-log schema, then shipping the smallest valuable change that does not expand your audit scope. Step three is the longer-term plan — incremental remediation, a parallel rebuild, or shutting it down before your next Type II window opens. Most takeovers we see did not need a rewrite; they needed an audit-log schema, refusal layers, and an inference path that did not silently create a new subprocessor.

Senior engineering rates at Aiinfox land roughly 30 to 50 percent below equivalent US SOC 2-experienced AI consultancies — useful, but it is not the headline. The headline is the delivery model: senior engineers only, fixed-price six-week scope, overrun cost on us if we miss for reasons on our side, MSA + SOW in hand before kickoff. Most US SOC 2-experienced AI consultancies bill timesheets, run multi-month discovery while the security questionnaire piles up, and either churn senior staff onto bigger accounts or staff a junior pool behind a senior nameplate. We bill shipped systems and we keep the same engineers on your build through launch.

It will if we architect it carelessly, and it will not if we architect it correctly. The default pattern we run for SaaS in active enterprise sales: the build runs entirely inside your existing audit boundary, uses your existing identity provider, writes logs to your existing log sink, and does not introduce a new subprocessor to your CISO's vendor inventory. Where the LLM provider is a new subprocessor, we flag it on the first call, document it in the DPA, and route it through whatever vendor-review path your security team uses — never silently. The auditor question we design for: 'show me the access control, the logging, and the data flow for the new AI feature.' The answer should be three diagrams and one SQL query, not a phone call.

Yes. We work with MSA-plus-SOW structures for ongoing relationships and single-document fixed-price agreements for one-off pilots. Standard terms cover IP assignment (your code, your IP), mutual indemnification, capped limitation of liability, data handling and subprocessor obligations, and a 30-day production warranty. Net-30 invoicing is standard for established engagements; pilots are typically 50 percent on signing and 50 percent on acceptance. We are a registered Indian entity (Aiinfox Pvt. Ltd.) invoicing US clients in USD via wire transfer — no W-9 or 1099 entanglement because we are a foreign corporation. Your procurement team gets a vendor record they can file under standard international-services patterns.