Your data is
boringly safe.
We handle the most sensitive documents in a consulting engagement. We treat that as primary engineering work, not compliance paperwork.
- 01
Tenant isolation at the database layer
Every row carries an organisation id. Postgres Row Level Security policies enforce that no user — not even a compromised token — can read across tenants. Cross-tenant leakage is an impossibility by database design, not a convention we remember to check.
- 02
Your data is not used to train AI
Claude (Anthropic's model family) does not train on API traffic by default. Your prompts and generated content leave your data boundary only for the inference call itself, and are not retained beyond operational logs.
- 03
Encrypted at rest. Encrypted in transit.
All storage is encrypted at rest by Supabase. All traffic is HTTPS / TLS end-to-end. File downloads use short-lived signed URLs. No permanent public links, ever.
- 04
Virus scanning on every upload
Each uploaded file passes through ClamAV before it's indexed or stored. Infected uploads are rejected and logged. No Word template booby-traps.
- 05
Admin-initiated credential management
No public password reset flow for end users. Organisation admins provision and reset PM credentials directly. This removes a large class of account-takeover vectors.
- 06
Immutable audit log
Every mutating action — plan edits, artefact generation, tenant operations — is written to an append-only audit log with user, org, resource, and timestamp.
- 07
Compliance roadmap
SOC 2 Type I targeted within 12 months of GA. DPA available on request. GDPR-compatible tenant deletion with a configurable retention window.