🤫 Compliance strategy · the deep dive

Stand on the rails that already run the world.

Here is the honest strategy for world-class security and certification: don't rebuild what the world already certified. We build on and sell with the compliant infrastructure that runs the world economy, which lets us inherit its protections and shrink our own scope, and we earn for ourselves the certifications that can't be inherited. The whole discipline is being transparent about which is which.

The whole idea

Two doors to compliance. We walk through both, honestly.

The approach

Inherit what we can (indirect)

Do not rebuild what the world already certified. By building on and selling with the compliant infrastructure that runs the world economy, we inherit its protections and shrink our own audit scope. This is the legitimate, standard shared-responsibility model, not a shortcut around the rules.

Earn what we must (direct)

Some certifications are about our own organization's controls and cannot be inherited from anyone. SOC 2, ISO 27001 and 42001, HIPAA, FedRAMP, and CMMC are earned by us, through real audits, on the public timeline we already publish. No partner can hand these over.

Be transparent about which is which

The only way this strategy stays honest is to label every capability as inherited or earned, live or roadmap. We never claim a partner's certificate as ours, and we never call ourselves certified before we are.

Inherit what we can

The umbrella: rails we build on.

This is the indirect path. By operating on and selling through infrastructure that is already compliant and already runs the world economy, we inherit its layer and reduce what is ours to audit. The honest part is the last column: what building on each rail still leaves as our own job. Named companies describe the rails and standards we build on or interoperate with, not signed partnerships or endorsements, except where marked live.

| Rail | What it is | What we inherit | What's still ours | Status |
|---|---|---|---|---|
| Card payments | Stripe, Visa, Mastercard (tokenized; we never touch raw card numbers) | PCI-DSS scope reduction: card data lives with the processor and networks, so our own attestation is the lightweight SAQ-A level, not a full card-data environment. | Our own SAQ-A attestation, a secure integration, and never storing a raw card number. | Live |
| Bank money movement | ACH, Fedwire, Zelle, UPI, and stablecoin settlement (for example Circle / USDC) | Money moves over licensed, regulated rails through a licensed partner, so we do not have to become a bank to move value safely and at settlement-grade reliability. | Our program's KYC/AML, our money-movement licensing posture, and consent + receipts for every transfer. All roadmap. | Roadmap |
| Cloud infrastructure | Hyperscale clouds (for example Google Cloud, Microsoft Azure, AWS) | The infrastructure layer's own FedRAMP, SOC 2, and ISO authorizations under the shared-responsibility model, covering physical, network, and platform security. | Everything in our half of the shared model: our application controls, our configuration, and our own authorization. Building on FedRAMP cloud does not make our app FedRAMP. | Live |
| Identity & sign-in | Apple and Google sign-in, and passwordless email links | World-class authentication and account-protection from identity providers billions already trust, so we are not reinventing login security. | Session handling, consent, and authorization on our side, and a receipt for every access. | Live |
| Work, CRM & communication | Salesforce, Microsoft, Google, Meta / WhatsApp | The platform compliance of the systems our customers already run, for the data that lives inside those systems. | Consent-scoped, revocable sharing across them, with the human at the center and a receipt they can read. Interoperability, not endorsement. | Roadmap |
| Silicon & compute | Best-in-class silicon (for example Nvidia) in 🤫 Puppy One and the edge grid | Hardware-level security features and performance from the industry's leading compute, so the edge fleet stands on proven silicon. | Our secure deployment, key management, and the owned-hardware, consent-first architecture. Hardware-agnostic by design. | Roadmap |
| Agent & payment protocols | Open standards: MCP, A2A, ADK, AP2, UCP | Interoperable, auditable agent-to-agent and agent-to-commerce rails built on shared open standards instead of a private silo. | Building to these standards as they mature, and the consent + receipt layer on top. These are standards we design toward, not certifications. | Roadmap |

Earn what we must

The certifications no partner can hand us.

These are about our own organization's controls. They cannot be inherited from anyone, so we earn them directly, through real audits, on the public timeline we already publish.

SOC 2 Type II

An attestation about our own controls and how we actually operate them over time. No partner can grant it. Observation underway; targeted H2 2026.

ISO/IEC 27001 & 42001

Our information-security and AI-management systems, audited. Ours to build and pass. In progress.

HIPAA readiness & BAAs

Safeguards and a business-associate program for regulated health workloads. Our responsibility as the party handling the data. Roadmap.

FedRAMP & DoD Impact Levels

For federal and national-security workloads. Requires our own agency sponsor and 3PAO assessment; a hyperscaler's FedRAMP does not transfer to our app. In pursuit.

CMMC 2.0 & NIST 800-171/53

For the defense industrial base. The control families are ours to implement and document. In pursuit.

GDPR & EU-US Data Privacy Framework

Consent-first by construction (PCHP), with data-residency and DPF alignment as an ongoing, maintained commitment.

The full certifications roadmap, with dates →
The honest truth

What partnership does, and does not, confer.

This is the part that keeps the strategy honest. Read it as the fine print that is actually in the headline.

  • Building on a compliant partner reduces our audit scope and inherits their layer. It does not make us certified. We never present a partner's certificate as our own.
  • Shared responsibility is real and two-sided: the rails secure their layer, and we are fully responsible for ours. A FedRAMP cloud does not make our application FedRAMP; a SOC 2 vendor does not make us SOC 2.
  • Nothing is unbreakable. This strategy is layered risk reduction, standing on proven infrastructure so fewer things are ours to get wrong, not a guarantee that nothing can.
  • Status is labeled everywhere. Stripe is live for payments and we build on hyperscale cloud and trusted sign-in today; the broader money-movement, work, and hardware rails are the plan and the roadmap, not signed partnerships.
  • The certifications that are ours to earn, we earn, on the public timeline at /one/certifications. We update an item to achieved only when it is formally granted, and we date it.

Build, buy, and sell together, safely.

We reach world-class assurance by standing on the world's compliant rails and earning the rest ourselves, in the open. Partners on those rails, and customers who need the receipts, let's talk.

One is a product of Hushh Technologies Corporation (brand: 🤫 “hussh”), an independent company. One runs on third-party silicon, systems, and cloud; all company names are used solely to describe the platforms on which One software runs. Hushh Technologies is not affiliated with, endorsed by, sponsored by, or partnered with any company named.


© 2026 Hushh Technologies Corporation - an independent company.