# Data & Security

> How we handle your data in plain language. This is not a legal document — it is here so you know what happens under the hood.

## Encryption

All data is protected with TLS 1.3 in transit and AES-256 at rest. Raw uploaded files are processed and not retained after extraction — we keep only the structured project data you need to run your workspace.

## AI Privacy

We use the OpenAI API under a Data Processing Agreement. Data sent to the API is not used to train OpenAI models. We do not train any models on your data. Processing is for your workspace only.

## Workspace Isolation

Every workspace is isolated with row-level security (RLS) policies in the database. There is no cross-user or cross-workspace access. Only you and people you explicitly invite can see your data.

## Data Ownership

You can export or delete your data at any time. We retain backups for up to 30 days for recovery purposes; after that, your data is removed from our systems. You own your content.

## Infrastructure

We run on Railway (US/EU) and Supabase (PostgreSQL). Both provide SOC 2–aligned hosting. Where applicable, you can choose the region in which your data is stored.

## Related

- Privacy policy: https://www.neither.online/privacy.md
- Terms of service: https://www.neither.online/terms.md
- Home: https://www.neither.online/
