Security Through
Honesty & Transparency

We are not independently SOC 2 certified yet. However, all your data lives on SOC 2 Type II certified infrastructure — Vercel and Supabase both hold current SOC 2 Type II certifications. We believe being honest about this matters more than pretending. We have DLP, row-level security, encryption at rest and in transit, and immutable audit trails. We plan to pursue independent SOC 2 certification once our Enterprise tier reaches sufficient scale.

Your data is stored on Supabase (backed by AWS) with AES-256 encryption at rest. Your application is served via Vercel's global edge network with TLS 1.3 encryption in transit. Both providers hold SOC 2 Type II certifications. We do not store data on local servers or unencrypted storage.

No. Your business data and customer conversations are never used to train any AI model. This is an architectural guarantee, not just a policy. Your data stays yours — always.

DLP (Data Loss Prevention) is our real-time scanning engine that automatically detects and blocks sensitive data patterns in conversations — credit card numbers, Social Security numbers, email addresses, phone numbers, API keys, and 13+ other patterns. If a customer accidentally shares their credit card number in chat, our DLP engine blocks it before it is stored or processed.

Yes. We comply with GDPR (both UK and EU versions). This includes: Data Processing Agreements (DPA) available on request, right to erasure (data deletion), consent management, breach notification within 72 hours (GDPR Article 33/34), and data minimisation principles. We also comply with the EU AI Act transparency requirements.

We have breach notification procedures in place. In compliance with GDPR Article 33, we will notify the relevant supervisory authority within 72 hours of becoming aware of a breach. Affected customers will be notified promptly with details of what happened, what data was affected, and what steps we are taking.

Yes. DPAs are available on request for all paid plans. Enterprise customers receive a DPA as part of their onboarding. Email hello@adityalabs.ai to request yours.

Yes, with honest caveats. Our platform is designed with regulated industries in mind — we offer DLP, data isolation, immutable audit trails, and attorney-client privilege handling. However, we are NOT HIPAA certified. For healthcare, our products are architected to stay outside the scope of HIPAA-regulated data by not collecting or storing Protected Health Information (PHI). We use PII-protected design patterns to keep your data safe without making compliance claims we cannot back up.

Many AI startups claim certifications they do not actually hold. We choose honesty. Instead of waving a badge we do not have, we show you exactly how your data is protected — through real technical safeguards (DLP, RLS, encryption), certified infrastructure (Vercel, Supabase), and transparent disclosure. We believe you deserve the truth.

Vercel holds SOC 2 Type II certification and provides DDoS protection, edge caching, and TLS 1.3. Supabase holds SOC 2 Type II certification and provides PostgreSQL with Row Level Security, AES-256 encryption at rest, and automated backups. Stripe (our payment processor) holds PCI DSS Level 1 certification. OpenAI (our AI provider) holds SOC 2 Type II certification.