How we protect your data.
We do not have SOC 2 or SSO yet. Here is what we do have, and what we do not have, in plain English.
What we do today.
Encryption at rest
Neon Postgres encrypts every row at rest by default. Backups are encrypted too.
TLS in transit
HTTPS on every public endpoint. Internal service-to-service calls go over TLS inside Vercel's private network.
Role-based access control
Owner, Editor, Viewer. 60+ route guards enforce the split server-side, not client-side. Audit log on every invite and setting change.
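As an added example (not the product's own code), this is the shape of a server-side route guard that enforces an Owner/Editor/Viewer split and writes an audit entry on a setting change. The role names, request shape, and in-memory audit sink are assumptions for illustration.

```javascript
// Added example: a server-side role guard for serverless route handlers.
// Role names, request shape and the audit sink are assumptions for illustration,
// not the product's own code.
const ROLE_RANK = { viewer: 1, editor: 2, owner: 3 };

// True only when the caller's role meets or exceeds the required role.
// Unknown roles on either side are denied: never default-allow.
function hasRole(userRole, requiredRole) {
  const have = ROLE_RANK[userRole];
  const need = ROLE_RANK[requiredRole];
  return have !== undefined && need !== undefined && have >= need;
}

// Wraps a handler so the check runs on the server before any handler code.
// The client may hide a button, but this wrapper is what enforces the split.
function requireRole(requiredRole, handler, auditLog) {
  return function guarded(req) {
    const user = req.user; // assumed to be set by session verification upstream
    if (!user) return { status: 401, body: { error: 'unauthenticated' } };
    if (!hasRole(user.role, requiredRole)) {
      auditLog.push({ event: 'authz_denied', user: user.id, route: req.route, required: requiredRole });
      return { status: 403, body: { error: 'forbidden' } };
    }
    return handler(req);
  };
}

// Two sample routes: settings changes are owner-only and audited; listing is open to viewers.
function buildRoutes(auditLog) {
  const updateSettings = requireRole('owner', (req) => {
    auditLog.push({ event: 'settings_changed', user: req.user.id, keys: Object.keys(req.body || {}) });
    return { status: 200, body: { ok: true } };
  }, auditLog);
  const listProjects = requireRole('viewer', () => ({ status: 200, body: { projects: [] } }), auditLog);
  return { updateSettings, listProjects };
}

// Constructed sample requests, so the guard can be exercised offline.
function demo() {
  const auditLog = [];
  const routes = buildRoutes(auditLog);
  const asViewer = { route: '/api/settings', user: { id: 'u1', role: 'viewer' }, body: { theme: 'dark' } };
  const asOwner = { route: '/api/settings', user: { id: 'u2', role: 'owner' }, body: { theme: 'dark' } };
  return {
    viewerSettings: routes.updateSettings(asViewer).status,            // 403
    ownerSettings: routes.updateSettings(asOwner).status,              // 200
    viewerList: routes.listProjects(asViewer).status,                  // 200
    anonymous: routes.listProjects({ route: '/api/projects' }).status, // 401
    auditEvents: auditLog.map((e) => e.event),                         // ['authz_denied', 'settings_changed']
  };
}
```

The point of the wrapper is that the decision lives beside the handler, not in the UI: a request crafted without the client still hits the same check, and denials are recorded alongside successful changes.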
Least-privilege IAM
Every Vercel serverless function runs with the minimum scope it needs. No shared admin keys.
Stripe for payments
We never touch your card number. Stripe handles PCI DSS compliance end-to-end.
Passwordless magic-link auth
Primary auth is a signed magic link delivered via Resend. Password flows exist but are secondary. No password reuse, no "password123" problem.
What we do not have yet.
We are bootstrapped with a solo founder. These ship when the customer base justifies them. Until then, no marketing gloss over the gaps.
- SOC 2 Type II. Planned once we hit the ARR threshold that justifies the audit.
- SSO / SAML. A common ask at the Business tier; not yet built.
- MSA. We ship public Terms of Service. Custom MSAs come with Enterprise contracts if needed.
- BAA / HIPAA posture. We do not sign BAAs and will not for the foreseeable future. If you handle PHI, use a HIPAA-compliant alternative.
Security question?
Email aisightline@gmail.com. The founder reads every message. Expected response time: 24 hours.