Data & Security
How we handle your data in plain language. This is not a legal document — it’s here so you know what happens under the hood.
Encryption
All data is protected with TLS 1.3 in transit and AES-256 at rest. Raw uploaded files are processed and not retained after extraction — we keep only the structured project data you need to run your workspace.
AI Privacy
We use the OpenAI API under a Data Processing Agreement. Data sent to the API is not used to train OpenAI models. We do not train any models on your data. Processing is for your workspace only.
Workspace Isolation
Every workspace is isolated with row-level security (RLS) policies in the database. There is no cross-user or cross-workspace access. Only you and people you explicitly invite can see your data.
Data Ownership
You can export or delete your data at any time. We retain backups for up to 30 days for recovery purposes; after that, your data is removed from our systems. You own your content.
Infrastructure
We run on Railway (US/EU) and Supabase (PostgreSQL). Both provide SOC 2–aligned hosting. Data is stored in regions you can choose where applicable.