Security & Trust

All data is encrypted in transit using TLS 1.3. Data at rest is encrypted in our database (Neon PostgreSQL) and file storage (Cloudflare R2). We never store passwords in plaintext.

Every database query is scoped to your workspace (tenant). There is no way for one customer to access another's data. This is enforced at the query layer across every Server Action and API route.

When you use AI features, your data is processed by Anthropic (Claude), OpenAI (GPT), and Google (Gemini). All providers are contractually bound to never use your data for model training.

A data sanitization layer strips Stripe IDs, authentication tokens, and banking details from AI context. Data is only sent when you actively use AI features, scoped to your workspace.

Role-based access control with three levels: Owner, Admin, and Member. Team members can only access data within their workspace. Client portal uses secure magic link authentication with hashed tokens.

Hosted on Vercel (SOC 2 compliant). Database on Neon (PostgreSQL, EU-hosted). File storage on Cloudflare R2 (encrypted). Subscriptions via Lemon Squeezy (Merchant of Record). Invoice payments via Stripe Connect (PCI DSS Level 1). Email via Resend.

Content Security Policy (CSP) headers enforced in production. All API endpoints rate-limited. Stripe webhook signatures verified cryptographically. All user input validated with Zod schemas at the server boundary.

AI usage logs are automatically purged after 90 days. When you delete your account, all data is permanently removed. You can export all your data as CSV at any time from Settings.

GDPR: Data subject rights supported, access, deletion, and portability. Data Processing Agreements (DPAs) signed with all AI providers.

SOC 2 Type II: Planned for 2027. Infrastructure partners (Vercel, Neon, Stripe, Lemon Squeezy) are already SOC 2 certified.