This page describes General Reasoning's compliance posture as the operator of chandrahub.net and the issuing authority for GABA certs. Examiners relying on Chandra audit trails should review this page to understand the terminal trust anchor for the ecosystem.
Status: In preparation. General Reasoning is currently scoping its SOC 2 Type II examination. The examination will cover the trust service criteria applicable to chandrahub.net and gr-identity as the governed infrastructure for the Chandra ecosystem.
The SOC 2 Type II report will be available to examiners under NDA on request once issued. Examiners requiring a compliance confirmation letter in advance of the report should contact us directly.
The following systems are in scope for General Reasoning's compliance program:
chandrahub.net — The forest authority. The public-facing verification infrastructure for GABA certs, chain integrity, and engagement records.
gr-identity — The identity and governance platform. Principal management, role assignment, GABA cert issuance, and Cleared-to-Operate cert issuance.
Chandra Protocol implementation — The append-only chain infrastructure underlying all governed deployments.
Organizations using Chandra-backed systems are responsible for the following controls that complement General Reasoning's own controls:
Access to the gr-identity tenant admin console must be restricted to authorized personnel and protected by strong credentials with regular review. Hub API tokens must be stored securely and rotated on a schedule appropriate to the organization's risk posture. The chandra_record_id column in application databases must be treated as a compliance record and protected accordingly. Retention periods declared in the GABA deployment template must be honored.
General Reasoning operates its infrastructure on Linode (Akamai Cloud Services). Linode's compliance posture, including its SOC 2 Type II report, is available directly from Akamai. General Reasoning's controls are designed to function correctly regardless of the availability of Linode's compliance documentation.
Security researchers who identify vulnerabilities in chandrahub.net, gr-identity, or the Chandra Protocol implementation should contact General Reasoning at inquiries@genreason.com with the subject line "SECURITY DISCLOSURE." We respond within 24 hours and coordinate disclosure responsibly.
Examiners requiring compliance documentation, confirmation letters, or technical briefings should contact General Reasoning directly.
Email: inquiries@genreason.com
Response time: One business day for standard examiner inquiries. Same-day for urgent matters (note "EXAMINER — URGENT" in subject).
Available on request: Compliance confirmation letters, examination briefings, SOC 2 bridge letters, penetration test summaries, business continuity documentation.