Security

We are working through SOC 2 Type II certification with our auditor. We will publish our report when it lands. We are NOT yet SOC 2 certified.

All data at rest is encrypted (AES-256) by Supabase / AWS S3 / Modal volumes. All data in transit is TLS 1.2+. Page images sent to GPU workers use signed URLs that expire in 5 minutes.

Every customer-facing table includes organization_id. Postgres Row-Level Security enforces "you only see your org" on every read. Server-side service role is used only for system-level operations (cron jobs, audit log writes) — never to bypass org isolation for end-user requests.

Document storage: Supabase (US-East). Vision page renders: Supabase storage bucket vision-pages. Embeddings: Postgres pgvector (same DB). GPU processing happens ephemerally on Modal (US) and/or Colab (Google US) — pages are processed via signed URLs and never persisted to the GPU host.

We do not send customer documents to OpenAI, Anthropic, HuggingFace, or any third-party model provider for training. Anthropic API calls (handwriting detection, embeddings, etc.) use the no-training-on-data setting. ColQwen2 weights are downloaded from HuggingFace once at GPU boot; no document data flows back to HuggingFace.