Your data is protected by design.
Every platform we build runs on independently audited, certified infrastructure. Security is not an add-on — it is the foundation.
Vendor Certifications
Independently audited. Continuously verified.
SOC 2 Type II
Anthropic, Supabase, Vercel, Stripe
Independent audit verifying that security, availability, and confidentiality controls are maintained consistently over time.
ISO 27001:2022
Anthropic
International standard for information security management systems. Formally audited and certified.
ISO/IEC 42001:2023
Anthropic
International standard for AI management systems. One of the first AI companies in the world to achieve this certification.
PCI DSS Level 1
Stripe
Highest level of payment card industry security certification. All payment processing runs through Stripe.
How We Protect Your Data
Security practices built into every build.
Encryption Everywhere
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). No exceptions.
Access Controls
Role-based permissions, row-level security on database records, and multi-factor authentication for all administrative access.
Zero Data Retention
For sensitive workloads, our AI provider retains zero prompts, responses, or logs. Available self-serve for any client engagement.
US-Based Infrastructure
All primary data processing occurs in the United States. Subprocessors are contractually bound to maintain security standards.
Audit Logging
Administrative actions and data access events are logged. Activity event logs are available with up to 180-day retention.
BAA Available
Business Associate Agreements are available for healthcare engagements through our infrastructure partners, including Anthropic and Supabase.
Infrastructure Partners
Every vendor in our stack, transparent.
We only work with providers that maintain independently audited security programs.
| Provider | Role | Certifications |
|---|---|---|
| Supabase | Database & Auth | SOC 2 Type II, HIPAA BAA |
| Vercel | Hosting & CDN | SOC 2 Type II |
| Anthropic | AI Processing | SOC 2, ISO 27001, ISO 42001, BAA, ZDR |
| Stripe | Payments | PCI Level 1, SOC 2 |
| Twilio | Communications | SOC 2, HIPAA eligible |
| Resend | | SOC 2 Type II |
Compliance Documentation
Everything in writing.
Privacy Policy
TDPSA-compliant policy covering data collection, use, retention, and your rights.
Data Processing Agreement
Standard DPA governing how we process personal data on behalf of clients.
Subprocessor List
Complete list of third-party services, their purposes, and compliance certifications.
Terms of Service
Service terms including AI disclosure, data processing, and intellectual property.
Questions about security?
We are happy to walk through our security practices, provide vendor documentation, or discuss compliance requirements for your industry.
