Company Overview

CMD+RVL transforms data ecosystems with metadata-first solutions, making data accessible and actionable. Integrating with existing systems, we drive data-inspired decisions, fostering employee empowerment and curiosity. Ideal for CTOs and CIOs facing data complexity, we boost productivity and ignite strategic conversations.

Our Data Discovery Platform allows our clients to extract value out of their data ecosystem by collecting, presenting, and harnessing metadata. The platform does not copy or store any client data. Our Data Discovery Platform offers the flexibility to be hosted in our AWS account or within our clients' AWS or Azure environments. In addition to our core software offering, we provide professional services tailored to building data pipelines to meet specific customer use cases. These services include the critical function of capturing and storing metadata within our platform to ensure seamless data management and utilization.

Deployment

• Docker on AWS/Azure or our managed cloud.

• Data stance: We do not store customer data in our platform.

• Encryption in transit and at rest.

Current Security Position

We prioritize the security and integrity of our clients' data. Our current security measures include:

AWS Security Best Practices

We leverage AWS's robust security features to ensure the safety and integrity of data hosted within our environment. This includes using IAM roles and policies, VPCs, security groups, and encrypted storage.

Client Environment Security

For platforms hosted within client environments, we adhere to their security protocols and ensure compliance with their specific requirements.

Data Protection

We employ encryption of data and metadata in-transit. We do not store any customer data in our platform.

Access Controls

We enforce strict access controls and authentication mechanisms to ensure that only authorized personnel have access to sensitive data and systems.

Future Security Plans

Recognizing the importance of building trust and ensuring the highest standards of security, we are committed to enhancing our security posture through the following initiatives:

SOC 2 Certification

SOC 2 Type I target: Q3 2026 with quarterly readiness checkpoints.

We are in the process of formalizing our security policies and procedures to align with SOC 2 criteria. This includes documenting our processes, implementing necessary controls, and ensuring continuous monitoring and improvement of our security practices. We plan to engage with reputable audit firms to conduct the SOC 2 audits, ensuring that our security practices are rigorously evaluated and validated.

Penetration Testing

External pen-test: Q2 2026; we'll publish a short verification summary.

This will be carried out by an independent, certified third-party security firm. Following the initial penetration test, we will establish a regular schedule for periodic penetration testing to continuously assess and improve our security defenses. Findings from these tests will be promptly addressed to mitigate any identified vulnerabilities.

Sub-processors

We publish a concise, current list and notify on changes. Review the latest details on our sub-processors page.

Verification Notes

For key feeds and features, we post brief verification or methodology notes so teams can see coverage, freshness, and known gaps.