Trust & privacy

Built like a financial system.

Procurement kills more deals than product feedback does. So we treated trust as a feature from day one. Here is exactly what we see, what we don't, and what your CISO needs to know before the call.

Reassurance 1

We never see your customer list.

The agent works on aggregated marketing performance only. Spend, conversions, ROAS, channel attribution, pipeline value. PII is filtered at the source before our agent ever sees it.

Your customer records, contact lists, and audience exports stay where you put them. Names, emails, phone numbers, and addresses never leave your tenant. The connectors are scoped to performance objects only.

Reassurance 2

You own the data. We operate the workflow.

OAuth connections you can revoke any time, in your tool, without asking us. We never request admin access. Read-only scopes wherever they exist.

At Pro tier, we connect to a read-only role you create in your warehouse. Every query we run is logged in your Snowflake or BigQuery audit log. Independent verification, on your terms.

At Enterprise, customer-managed encryption keys. EU data residency. Customer-controlled retention windows.

Reassurance 3

Your conversations never train models.

Zero data retention from the model provider (Anthropic). Your prompts and responses are never used to train AI. Contractually enforced.

SOC 2 Type II audit completing end of 2026. GDPR DPA available today. EU data residency at Enterprise tier. Dedicated security questionnaire response within 48 hours.

Sub-processors

Every vendor that touches your data, named.

Anthropic (model inference, zero retention). Vercel (hosting). Neon (Postgres). Upstash (queue). Cloudflare (CDN, WAF). Clerk (authentication). That is the full list. No analytics SDKs in the workspace. No tracking pixels. No third-party tag firing on the surface.

If we add a sub-processor, you get 30 days' notice and the right to object. The full DPA addendum is available on request.

Procurement Q&A

The 12 questions your CISO is going to ask.

Where is data stored?
US (Vercel, Neon, Upstash US regions) by default. EU residency at Enterprise.
Encryption?
TLS 1.3 in transit. AES-256 at rest. Customer-managed keys at Enterprise.
SOC 2?
Type II audit completing end of 2026. Type I report available now under NDA.
GDPR?
DPA available today. SCCs included. Data subject request process documented.
Model training on our data?
No. Zero retention from Anthropic. Contractually enforced.
Static IP for our allow-list?
Yes at Pro and Enterprise. Documented range, change notice 30 days.
SSO?
SAML at Enterprise. OAuth (Google, Microsoft) at all tiers.
Audit log?
Yes. Every Approve action, Ask query, and admin change. Exportable to your SIEM.
Hallucination protection?
Every claim cites source rows. Strategist review on high-stakes answers before they reach the client.
Termination?
30 days' notice. Full data export in your warehouse format. Connectors revoke immediately on your side.
Insurance?
$2M cyber liability, $1M E&O. Certificate available on request.
Pen testing?
Annual third-party. Latest summary report available under NDA.

Get the security packet

Send the questionnaire.

We respond to security questionnaires within 48 hours. SOC 2 Type I, DPA, sub-processor list, and the full security overview in one packet.