This page is maintained by the REBUILT OS team to summarize the compliance frameworks we align to today and the audits we are actively pursuing. It describes controls that are enabled in the platform and is not, on its own, an independent certification or attestation. Signed reports, BAAs, DPAs, and security questionnaires are available under NDA — contact compliance@operationrebuilt.com.
Protected Health Information (PHI) — wellness, behavioral health, and clinical data.
Security, Availability, Confidentiality, and Privacy Trust Services Criteria.
Criminal Justice Information Services Security Policy v5.9 — required for court, probation, and law enforcement data.
Education records for youth prevention and academy participants under 18.
Federal baseline control set — foundation for FedRAMP and StateRAMP.
EU/UK data subjects — participants, mentors, and staff.
State and local government cloud authorization — Ready → Authorized pathway.
Timelines are targets, not guarantees. Updated as milestones are met.
REBUILT OS operates the platform, its managed cloud infrastructure, and the platform-level controls listed above. Partner organizations remain responsible for administering their users, executing consent workflows appropriate to their jurisdiction, and safeguarding data they export or share outside the platform. Compliance is a shared commitment.