Security

How we protect your data — verifiable facts only.

Where data lives

  • Application, database and background processing run in Tokyo regions (database: AWS Tokyo ap-northeast-1; web frontend: Tokyo edge hnd1; workers: Tokyo NRT).
  • Raw AI-assistant responses are stored in Cloudflare R2 (location hint: APAC).
  • Error-monitoring data (Sentry) is stored in the EU (Frankfurt, Germany).

Tenant isolation and access control

  • Row-level security (RLS) separates every customer’s data at the database level.
  • Authentication is passwordless (magic links) with rate limiting against brute force.
  • Team members get role-based permissions (owner, admin, member, viewer).

Encryption

  • Data in transit is encrypted with TLS 1.2+ (HTTPS/HSTS).
  • Data at rest is encrypted with AES-256-grade encryption.
  • Credit card numbers are captured directly by Stripe and never stored on our servers.

Backups and monitoring

  • Database backups support point-in-time recovery (PITR).
  • Continuous error and performance monitoring with PII filtering in telemetry.
  • Key operations are recorded in audit logs.

Payment security

  • Payment processing is delegated to Stripe, a PCI DSS Service Provider Level 1.

An honest note

We do not currently hold third-party certifications such as SOC 2 or ISO/IEC 27001. Everything listed above is implemented fact. See the privacy policy for data handling details and the external transmission disclosure for what leaves your browser.

Free AI check Talk to sales