Security & Compliance
Your data security and privacy are our top priorities. Learn about our security measures and compliance standards.
Security Features
Data Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your sensitive information is protected with industry-standard security protocols.
Secure Infrastructure
Our infrastructure is hosted on secure cloud platforms with regular security audits, intrusion detection, and automated threat monitoring.
Access Controls
Role-based access control ensures that only authorized users can access sensitive data. Multi-factor authentication is available for enterprise accounts.
Data Residency
Data is stored in secure, compliant data centers with geographic redundancy. We comply with data residency requirements for international customers.
Regular Audits
We conduct regular security audits, penetration testing, and vulnerability assessments to ensure our systems remain secure and up-to-date.
Team Security
All team members undergo background checks and security training. Access is granted on a need-to-know basis with regular access reviews.
Compliance Standards
GDPR Compliance
We comply with the General Data Protection Regulation (GDPR) for EU customers, ensuring data privacy and protection rights.
SOC 2 Type II
We are working towards SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality.
ISO 27001
ISO 27001 certification is planned for 2025, establishing our information security management system.
Data Processing Agreements
We provide Data Processing Agreements (DPAs) for enterprise customers to ensure compliance with data protection regulations.
Data Protection
What Data We Collect
- Account information (name, email, company)
- Payment information (processed securely through Stripe)
- Company information submitted for verification
- Usage data and report generation history
How We Protect Your Data
- End-to-end encryption for all data transfers
- Regular security audits and penetration testing
- Access controls and authentication mechanisms
- Secure backup and disaster recovery procedures
Data Retention
- Reports stored securely for account lifetime
- Account data retained as per legal requirements
- Right to data deletion upon request
- Data export available for all users
Third-Party Services
- Stripe for secure payment processing
- Supabase for database and authentication
- OpenRouter for AI model access
- All vendors comply with security standards
Security Best Practices
We follow industry best practices to ensure your data remains secure.
Infrastructure Security
- Regular security updates and patches
- DDoS protection and mitigation
- Network segmentation and firewalls
- Intrusion detection and monitoring
Application Security
- Secure coding practices and code reviews
- Regular vulnerability scanning
- Input validation and sanitization
- API security and rate limiting
Security Questions?
Have security concerns or need more information? Our security team is here to help.