Security and trust
This template includes a practical baseline trust page. Replace placeholders with your legal/security team approved details.
Data Handling
Customer content is encrypted in transit and at rest where supported by infrastructure vendors. Access is restricted by role and audited.
Subprocessors
| Vendor | Purpose | Location |
|---|---|---|
| Vercel | Hosting and edge delivery | United States |
| OpenAI | AI inference APIs | United States |
| Resend | Transactional email | United States |
Retention Policy
Account and billing records are retained for legal and tax compliance periods. Product event data can be deleted upon request from authorized admins.
AI Model and Data Policy
Prompt and response payloads are processed only to deliver product functionality. Training usage is disabled when supported by model providers and account settings.
Contact Security
Report vulnerabilities or security concerns to security@example.com. Include reproduction steps and impact details for faster triage.