Security & Trust

How we protect your data and ensure platform security

End-to-End Encryption

All data is encrypted in transit and at rest

Secure Infrastructure

Enterprise-grade cloud security

Privacy by Design

Your data is never used to train our models

Data Protection & Encryption

Encryption Standards

Data in Transit

TLS 1.3

Data at Rest

AES-256

Database Encryption

AES-256

Backup Encryption

AES-256

Data Handling

Uploaded files are processed temporarily and automatically deleted after analysis
Analysis results are encrypted and stored securely
No data is used to train AI models or shared with other customers
Data is geographically distributed with automatic failover

Infrastructure Security

Cloud Security

Vercel (Hosting)

SOC 2 Type II certified
ISO 27001 compliant
DDoS protection and WAF
Global CDN with edge security

Supabase (Database)

SOC 2 Type II certified
Row Level Security (RLS)
Automated backups and point-in-time recovery
Network isolation and VPC

Stripe (Payments)

PCI DSS Level 1 certified
SOC 1 Type II and SOC 2 Type II
ISO 27001 and ISO 27018 certified
Advanced fraud detection

Network Security

Web Application Firewall (WAF) protection
DDoS mitigation and rate limiting
Intrusion detection and prevention systems
Regular security scanning and vulnerability assessments

Access Control & Authentication

User Authentication

Password Requirements

Strong Policy

Two-Factor Authentication

Available

Session Management

Secure

OAuth Integration

Coming Soon

Internal Access Controls

Principle of least privilege for all team members
Multi-factor authentication required for all admin access
Regular access reviews and deprovisioning
Audit logging for all administrative actions

Compliance Journey

Working Toward Compliance

We are actively working toward compliance certifications using Vanta's automated security monitoring platform. Our infrastructure partners (Vercel, Supabase, Stripe) maintain their own certifications.

SOC 2 Type II

In Progress - Actively preparing with Vanta

GDPR

In Progress - Implementing required controls

ISO 27001

In Progress - Aligning with standards

HIPAA

In Progress - Building required safeguards

View our live Trust Center for real-time status

Security Monitoring & Incident Response

24/7 Monitoring

Real-time security event monitoring and alerting
Automated threat detection and response
Regular security scans and vulnerability assessments
Performance and availability monitoring

Incident Response

Less than 1 hour

Detection Time

Less than 4 hours

Response Time

Less than 72 hours

Notification Time

Security Team

Dedicated security professionals with industry certifications
Regular security training and awareness programs
Collaboration with external security researchers
Participation in responsible disclosure programs

Data Retention & Secure Deletion

Data Type	Retention Period	Deletion Method
Uploaded Files	Immediately after processing	Cryptographic erasure
Analysis Results	Duration of subscription	Secure deletion
Account Data	Until account deletion	Multi-pass overwrite
Billing Records	7 years (legal requirement)	Secure archival then deletion
Audit Logs	2 years	Automated purging

Security Best Practices for Users

Account Security

Use a strong, unique password for your DaytaBrain account
Enable two-factor authentication when available
Log out of shared or public computers
Regularly review your account activity

Data Security

Only upload data you have permission to analyze
Remove sensitive information before uploading when possible
Use secure networks when accessing the platform
Keep your browser and devices updated

Report Security Issues

Found a Security Vulnerability?

We take security seriously and appreciate responsible disclosure of security vulnerabilities.

Security Email: security@daytatech.ai

Response Time: Within 24 hours

PGP Key: Available upon request

What to Include

Detailed description of the vulnerability
Steps to reproduce the issue
Potential impact assessment
Your contact information for follow-up

Responsible Disclosure

We commit to acknowledging your report within 24 hours and providing regular updates on our progress. We ask that you give us reasonable time to address the issue before public disclosure.