How we handle your data.

Vercel (EU-hosted functions available). Database + auth on Supabase (EU region for EU workspaces on request). No customer data leaves the EU when the EU-residency flag is set.

TLS 1.3 everywhere. Supabase enforces at-rest encryption via pgcrypto. Client-side fields (OAuth tokens, API keys) encrypted with AES-256 before insert.

Password + magic link via Supabase Auth. Rate-limit + brute-force protection at the edge. SSO via WorkOS (Okta, Azure AD, Google Workspace) for enterprise tenants.

Every tenant-scoped table enforces RLS. Workspace data is never joinable across tenants. Service-role key is server-only and never exposed client-side.

Every Sophie decision (confirmations, action transitions, gate flips) is logged immutably to decision_records. Exportable via /api/admin/audit-trail-export.

Per-IP + per-user rate limits on every Sophie turn + assessment submit. HMAC-signed webhooks with constant-time comparison. Certification quiz token enforces per-attempt choice shuffle.

Sophie memory entries are workspace-scoped and deletable from /workspace/[id]/memory. Workspace delete → full cascade. GDPR SAR on request, < 30 days.

Vercel (hosting), Supabase (database + auth), Anthropic (LLM), ElevenLabs (voice TTS), Stripe (payments), WorkOS (SSO), Resend (transactional email). Full list with DPAs on request.

Tenant-level flag that pins database + edge functions to eu-west-2. Available on the Enterprise tier. Default for all EU-incorporated customers by Q3.

Targeted Q3 2026. Vanta controls in place; penetration test scheduled; policy documentation + attestation by external auditor underway. Type II report follows 12 months after.

Gap analysis scheduled post-SOC 2 Type II. Expected 2027.

Annual external penetration test (scoped to API + web surface). Remediation SLAs enforced. Summary redacted report available under NDA for prospects with > €50k ACV.