Trust & Compliance - Everything procurement asks for, in one place.

Green Dolphin Software is structured for B2B enterprise engagement from day one. Insurance is in place. MSA and DPA templates are ready. Security posture is documented. Audit support is built into the standard contract.

Third-party verification - Independent reviews + verified provider credentials.

Green Dolphin Software is listed on the major B2B services platforms. Profiles are public, backlinks are active, and our Clutch profile is Verified — Clutch's third-party-vetted credential reserved for credentialed providers.

Recent engagements - A representative slice of the work.

Anonymized examples drawn from senior-architect-led engagements across regulated and mid-market industries. Each profile reflects the kind of fixed-bid SOW Green Dolphin returns within 3 business days of intake. Industry names + scope details are anonymized; specific case studies with named clients are added under NDA on request.

  • $75K·6 weeks

    Healthcare payer

    Bidirectional MuleSoft sync between Salesforce Health Cloud and Facets claims platform. Anypoint MQ for guaranteed delivery; Datadog observability; C4E governance handed off to internal team.

    Outcome: Replaced a $250K T&M quote from the incumbent SI with the same scope, on time, on budget.

  • $50K·5 weeks

    Mid-market manufacturer

    NetSuite ↔ Salesforce Sales Cloud customer + order sync. Workato recipes for HR-to-payroll. Canonical data model with masterless conflict resolution.

    Outcome: First production sync in week 3; full cutover with parallel-run validation by week 5.

  • $25K·3 weeks

    Fortune 100 retailer

    Architecture & Design only. Vendor-neutral iPaaS evaluation (MuleSoft vs Workato vs Boomi vs SnapLogic). Target-state topology, canonical model, 90-day modernization roadmap.

    Outcome: Fundable design package signed off by procurement the week after delivery.

  • $25K·4 weeks

    Mid-market financial services

    Salesforce Agentforce pilot with 4 custom actions over 2 data sources. Structured-output JSON schemas, prompt caching, confidence gating, full prompt + response logging to Splunk.

    Outcome: Procurement signed off without escalation — the audit trail was the differentiator.

  • $100K·12 weeks

    Public sector (state agency)

    Regulated MuleSoft platform setup with C4E governance, SAP RFC integration, multi-system canonical model. FedRAMP-aligned deployment topology with continuous monitoring.

    Outcome: Passed independent security review on first submission; no remediation cycle required.

  • $25K·2 weeks

    Aerospace & defense

    AI Document Processing engagement: intelligent extraction from supplier contracts into a structured Workato workflow. Claude with structured-output tool schemas, human-in-the-loop above threshold.

    Outcome: 12 hours of manual data entry per supplier collapsed to 8 minutes of review.

Insurance - Active coverage via Hiscox Insurance Company Inc (NAIC 10200).

Annually-renewed Professional Liability + Commercial General Liability + Cyber policy with Hiscox. Certificate of Insurance on the industry-standard ACORD 25 form, naming the client as Additional Insured where commercially available, issued within 24 hours of contract signature.

Professional Liability (Errors & Omissions)

Hiscox

$2M per claim / $2M aggregate

Claims-made policy covering claims arising from professional services — design errors, missed scope, integration defects discovered post-delivery.

Policy: P100.551.682.8
Period: 09/18/2025 – 09/18/2026

Commercial General Liability

Hiscox

$2M per occurrence / $3M aggregate

Covers third-party bodily injury, property damage, and personal & advertising injury claims arising from business operations.

Policy: P100.551.342.8
Period: 09/18/2025 – 09/18/2026

Cyber Liability / Network Security

Hiscox

$1M aggregate

Covers breach response, cyber extortion / ransomware, cyber crime (social engineering + funds transfer fraud), business interruption, data recovery, and privacy protection. Excludes criminal proceedings, infrastructure interruption, and intentional acts.

Policy: P106.590.226.1
Period: 05/11/2026 – 05/11/2027

Legal & Contractual - MSA, DPA, and audit support.

Standard contracts ready to share with your legal team under NDA. We adapt to client paper where reasonable; our standard terms are designed to be acceptable to Fortune 500 procurement.

Master Services Agreement (MSA)

Standard fixed-bid MSA template available for download. California governing law. 50/50 payment terms (Net 15). Liability cap = fees paid in the 12 months preceding the claim, with carve-outs for confidentiality, indemnification, and gross negligence. Reviewed and approved for use.

Data Processing Addendum (DPA)

GDPR + CCPA + UK-GDPR compliant DPA available for download. Module 2 / Module 3 SCCs (EU 2021/914) for cross-border transfers. UK International Data Transfer Addendum for UK Personal Data. Sub-processor list maintained in DPA Annex 1. Reviewed and approved for use.

Certificate of Insurance (ACORD 25)

COI on ACORD 25 form (the industry-standard certificate format accepted by Fortune 500 procurement), naming the client as Additional Insured where commercially available. Issued by Hiscox within 24 hours of contract signature. Provided on request at any time during the engagement.

Compliance support

Engagements in regulated environments (HIPAA, SOX, FedRAMP, GDPR, CCPA, PCI-DSS, ISO 27001) supported. Compliance documentation pack included in Custom-tier engagements; available as add-on for Standard / Enterprise tiers.

HTML download opens in a new tab and is print-to-PDF ready. Markdown source is the authoritative version (used internally for redlines). Email max@greendolphin.ai for a Word or signed PDF version on company letterhead.

Security posture - Technical and organizational measures.

The complete list of measures from Annex 3 of our DPA. Reviewed and updated periodically.

Access control

SSO with multi-factor authentication on all admin systems (GitHub, Vercel, Google Workspace, Slack, Anthropic Console). FIDO2 hardware security keys for admin accounts. Quarterly access reviews. Encrypted laptops with full-disk encryption.

Secret management

API keys and credentials stored in encrypted secret managers (Google Secret Manager, Vercel encrypted environment variables, GitHub Encrypted Secrets). Never committed to repositories. Rotation on personnel change.

Code review & deployment

No direct-to-prod commits. Source code reviewed before deployment. Static analysis + dependency scanning on every build. Open-source components license-vetted; CVE alerts monitored.

Source code custody

During an engagement, code lives in Green Dolphin's GitHub Organization. On delivery acceptance, repositories transfer to the client's GitHub Org (or a client-owned archive with full commit history) — full IP transfer.

Data in transit + at rest

TLS 1.2+ for all data in transit. Provider-managed encryption at rest (GitHub, Google Workspace, Slack). Production credentials separated from development; tested with non-production data wherever possible.

Personnel

Background checks on personnel handling client data. Confidentiality agreements signed before any client data access. Annual security awareness training.

Incident response

Documented incident response process. 48-hour client notification SLA on confirmed Personal Data Breach. Post-incident root-cause analysis shared with affected client within 30 days.

Audit support

Once per twelve-month period, clients (or third-party auditors bound by confidentiality) may audit Green Dolphin's compliance with the DPA. Standard SOC 2 / ISO 27001 attestations from sub-processors are passed through where applicable.

Sub-processors - Who else handles your data.

Per our DPA, the following sub-processors may handle Personal Data on a client's behalf in the course of providing Services. New sub-processors are notified to clients at least 30 days in advance per the DPA.

| Sub-processor | Purpose | Location |
| --- | --- | --- |
| Vercel Inc. | Website hosting (greendolphin.ai) | USA |
| Resend (Easymail Inc.) | Transactional email — intake form submissions | USA / EU |
| Anthropic, PBC | LLM API for the chatbot on greendolphin.ai | USA |
| Google LLC (Workspace) | Email (max@greendolphin.ai), Calendar, Drive | USA / EU |
| Slack Technologies, LLC | Slack Connect channels for client engagement communications | USA |
| GitHub, Inc. | Source code repositories during engagement | USA |

Need any of this for procurement?

Email max@greendolphin.ai with your request — Certificate of Insurance, MSA template, DPA template, security questionnaire response, or signed NDA. Standard turnaround within one business day.

Ready to scope an integration?

Six-step intake. Fixed-bid SOW returned in 3 business days. Basic integration from $10K; multi-integration engagements from $25K (3–5 integrations), then $50K/$75K/$100K+.
