Trust & security
Security is foundational, not a later feature
This product is a data processor: it holds your data protection records, which can themselves contain personal data. The baseline below is built in from day one.
Data residency (EU)
The application and database are hosted in the EU, and we do not default to a US region. Your stored records stay in-region; what reaches our billing and AI sub-processors is described under sub-processors below.
Encryption
All traffic is encrypted in transit with TLS. The database is encrypted at rest. Card details are never stored by us; payments are handled by Stripe.
Tenant isolation
Every record carries the owning organisation, and every query is scoped to that organisation at the data-access layer, so there is no code path that reads across organisations. A cross-tenant data leak is treated as the worst-case bug and the design guards against it.
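As an added illustration of the scoping rule above (this is not the product's own code), the repository below is the only data path: every method takes the caller's organisation and adds it to the query, so a record from another organisation is indistinguishable from a missing one, and a call with no organisation is refused outright. The table name, column names and the in-memory SQLite store are assumptions for the example.

```python
"""Tenant-scoped data-access layer (added example, not the product's code).

Assumptions: a `records` table with an `org_id` column, an in-memory
SQLite database standing in for the real one, and a TenantContext
populated by the authentication layer before any query runs.
"""
import sqlite3
from dataclasses import dataclass
from typing import List, Optional, Tuple


class TenantScopeError(Exception):
    """Raised when a query would run without an organisation scope."""


@dataclass(frozen=True)
class TenantContext:
    """The organisation the current request is authorised for."""
    org_id: str


Row = Tuple[str, str, str]  # (id, org_id, body)


class RecordRepository:
    """Every statement carries `org_id = ?`; there is no unscoped method."""

    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        conn.execute(
            "CREATE TABLE IF NOT EXISTS records ("
            "id TEXT PRIMARY KEY, org_id TEXT NOT NULL, body TEXT NOT NULL)"
        )
        conn.execute("CREATE INDEX IF NOT EXISTS records_org ON records(org_id)")

    @staticmethod
    def _org(ctx: Optional[TenantContext]) -> str:
        # Refuse rather than silently fall back to "all organisations".
        if ctx is None or not ctx.org_id:
            raise TenantScopeError("unscoped query refused")
        return ctx.org_id

    def insert(self, ctx: TenantContext, record_id: str, body: str) -> None:
        self.conn.execute(
            "INSERT INTO records (id, org_id, body) VALUES (?, ?, ?)",
            (record_id, self._org(ctx), body),
        )

    def get(self, ctx: TenantContext, record_id: str) -> Optional[Row]:
        # Another organisation's record and a non-existent record both
        # return None, so a guessed ID leaks nothing.
        return self.conn.execute(
            "SELECT id, org_id, body FROM records WHERE id = ? AND org_id = ?",
            (record_id, self._org(ctx)),
        ).fetchone()

    def list(self, ctx: TenantContext) -> List[Row]:
        return self.conn.execute(
            "SELECT id, org_id, body FROM records WHERE org_id = ? ORDER BY id",
            (self._org(ctx),),
        ).fetchall()

    def delete(self, ctx: TenantContext, record_id: str) -> bool:
        cur = self.conn.execute(
            "DELETE FROM records WHERE id = ? AND org_id = ?",
            (record_id, self._org(ctx)),
        )
        return cur.rowcount == 1


def demo() -> dict:
    """Constructed sample: two organisations, one probing the other's record."""
    repo = RecordRepository(sqlite3.connect(":memory:"))
    acme, globex = TenantContext("org-acme"), TenantContext("org-globex")
    repo.insert(acme, "rec-1", "Acme processing-activity entry")
    repo.insert(globex, "rec-2", "Globex processing-activity entry")
    results = {
        "own_read": repo.get(acme, "rec-1") is not None,
        "cross_read": repo.get(globex, "rec-1"),      # None: invisible
        "cross_delete": repo.delete(globex, "rec-1"),  # False: nothing removed
        "acme_count": len(repo.list(acme)),
        "globex_count": len(repo.list(globex)),
    }
    try:
        repo.list(None)
        results["unscoped"] = "allowed"
    except TenantScopeError:
        results["unscoped"] = "refused"
    return results


if __name__ == "__main__":
    print(demo())
```

The point of routing every query through one class is that the organisation filter cannot be forgotten by a caller: a new endpoint that wants data must present a TenantContext, and the absence of one is an error rather than a wider result set.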
Authentication & access
Sign-in is handled by a reputable managed authentication provider, with multi-factor authentication available. Sessions are time-limited and expire; administrative tooling follows least privilege, so staff get only the access a task requires.
Audit logging
Significant actions (authentication events, data changes, and every AI call) are recorded in an append-only audit log, because a compliance product should be able to show its own working.
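As an added example of what "append-only" means in practice (not the product's code), the log below exposes only append and verify: there is no update or delete. Each entry also records the hash of the one before it, so that an edited or removed line is detectable afterwards. The hash chaining, the field names and the sample events are assumptions for the example; the page itself only states that the log is append-only.

```python
"""Append-only audit log with tamper detection (added example, not the
product's code). Hash chaining is an assumption added here; the field
layout and sample events are constructed for illustration.
"""
import copy
import hashlib
import json
from typing import Dict, List, Optional


class AuditLog:
    GENESIS = "0" * 64  # prev-hash of the first entry

    def __init__(self) -> None:
        self._entries: List[Dict] = []

    @staticmethod
    def _digest(entry: Dict) -> str:
        # Hash every field except the hash itself, in a canonical encoding.
        body = {k: v for k, v in entry.items() if k != "hash"}
        canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canon.encode()).hexdigest()

    def append(self, event: str, actor: str, org_id: str,
               detail: Optional[Dict] = None, ts: float = 0.0) -> Dict:
        """The only write operation. `ts` is supplied by the caller here
        so the example is deterministic; a real log would stamp it."""
        prev = self._entries[-1]["hash"] if self._entries else self.GENESIS
        entry = {
            "seq": len(self._entries),
            "ts": ts,
            "event": event,
            "actor": actor,
            "org_id": org_id,
            "detail": detail or {},
            "prev": prev,
        }
        entry["hash"] = self._digest(entry)
        self._entries.append(entry)
        return entry

    def entries(self) -> List[Dict]:
        # Deep copy: callers cannot reach the stored entries.
        return copy.deepcopy(self._entries)

    @classmethod
    def verify(cls, entries: List[Dict]) -> Optional[int]:
        """Return the index of the first entry that breaks the chain,
        or None if every entry is intact and in order."""
        prev = cls.GENESIS
        for i, e in enumerate(entries):
            if (e.get("seq") != i or e.get("prev") != prev
                    or cls._digest(e) != e.get("hash")):
                return i
            prev = e["hash"]
        return None


def demo() -> dict:
    """Constructed sample: three events, then two kinds of tampering."""
    log = AuditLog()
    log.append("auth.login", "user:42", "org-acme", ts=1.0)
    log.append("record.update", "user:42", "org-acme",
               {"record": "rec-1", "fields": ["retention_period"]}, ts=2.0)
    # For an AI call, log purpose and size, not the data sent to the model.
    log.append("ai.call", "user:42", "org-acme",
               {"purpose": "draft-summary", "input_chars": 412}, ts=3.0)

    intact = log.entries()
    edited = log.entries()
    edited[1]["detail"]["fields"] = ["retention_period", "legal_basis"]
    truncated = log.entries()
    del truncated[1]

    return {
        "intact": AuditLog.verify(intact),        # None
        "edited": AuditLog.verify(edited),        # 1: hash no longer matches
        "truncated": AuditLog.verify(truncated),  # 1: seq and prev-hash break
        "count": len(intact),
    }


if __name__ == "__main__":
    print(demo())
```

Anchoring the most recent hash somewhere the application cannot overwrite (for example in a periodic export to separate storage) is what turns this from "the log looks consistent" into "the log has not been rewritten since the last anchor"; that step is outside the example.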
Controlled AI data handling
AI assistance runs server-side only; the API key is never exposed to the browser. We send the minimum necessary data to the model and log each call. Business data sent to the Anthropic API is not used to train models.
Secrets management
All secrets are injected from a secrets manager or environment at deploy time and are never committed to source control or shipped to the browser.
Sub-processors & your DPA
We use a small set of sub-processors to run the service: our managed authentication provider, Stripe for billing, Anthropic for AI assistance, and our EU hosting/database provider. A customer-facing Data Processing Agreement and the full sub-processor list are available on request.[OWNER: publish the DPA, sub-processor list, and any certifications here.]