The decision layer founders trust with their cap table.
Deterministic code, not language models. Per-tenant isolation, not shared databases. Your documents never leave our infrastructure and never train anyone's AI. Here's how.
SOC 2 Type I in progress · GDPR compliant · DPA available on request
Three non-negotiables.
Deterministic, not generative.
Our extraction, grading, and waterfall engines are code — regex, pattern matching, and tabular math. No language models touch your term sheets, cap tables, or founder agreements. Every number is traceable to a rule you can audit.
Your data trains no one.
Documents you upload are used only to produce your results. They are not sampled for analytics, shared with third parties, or used to train any model — ours or anyone else's. You can delete them at any time from Settings.
Per-tenant isolation by default.
Every query carries an organizationId filter, enforced at the ORM layer: middleware rejects any query that is not scoped to the caller's organization, so a missing filter fails closed instead of returning another tenant's rows. A dedicated test suite verifies this on every deploy.
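An added illustration of that scoping guard (example code, not the product's own middleware): an ORM-style repository that refuses any query without an organizationId filter, plus a per-request client that binds the caller's organization from the session so a handler can neither omit the filter nor name another tenant. The repository class, row shape and sample rows are constructed for the example.

```typescript
// Added example, not the product's own code: a tenant-scoping guard in the
// style of an ORM middleware. Every read and write must carry organizationId;
// an unscoped query is rejected before it reaches the database, and a
// per-request client binds the caller's org so handlers cannot omit the filter
// or name another tenant. The table and rows are constructed sample data.

type Row = { id: string; organizationId: string; [field: string]: unknown };
type Where = Record<string, unknown>;

class UnscopedQueryError extends Error {
  constructor(op: string) {
    super(`refusing ${op}: organizationId filter is required`);
    this.name = "UnscopedQueryError";
  }
}

// The guard itself: fail closed unless a non-empty organizationId is present.
function assertScoped(op: string, where: Where): void {
  const org = where.organizationId;
  if (typeof org !== "string" || org.length === 0) throw new UnscopedQueryError(op);
}

function matches(row: Row, where: Where): boolean {
  return Object.entries(where).every(([field, value]) => row[field] === value);
}

// Minimal in-memory repository standing in for the ORM (hypothetical stand-in).
class Repository {
  constructor(private rows: Row[]) {}

  findMany(where: Where): Row[] {
    assertScoped("findMany", where);
    return this.rows.filter((row) => matches(row, where));
  }

  updateMany(where: Where, data: Record<string, unknown>): number {
    assertScoped("updateMany", where);
    let updated = 0;
    for (const row of this.rows) {
      if (!matches(row, where)) continue;
      // The update payload may never move a row to another tenant.
      Object.assign(row, data, { organizationId: row.organizationId });
      updated++;
    }
    return updated;
  }
}

// Per-request client bound to the organization taken from the caller's session.
class TenantClient {
  constructor(private repo: Repository, private organizationId: string) {}

  private scope(where: Where): Where {
    if ("organizationId" in where && where.organizationId !== this.organizationId) {
      throw new UnscopedQueryError("query naming another tenant");
    }
    return { ...where, organizationId: this.organizationId };
  }

  findMany(where: Where = {}): Row[] {
    return this.repo.findMany(this.scope(where));
  }

  updateMany(where: Where, data: Record<string, unknown>): number {
    return this.repo.updateMany(this.scope(where), data);
  }
}

// Constructed sample table: two tenants, three documents.
function sampleRepository(): Repository {
  return new Repository([
    { id: "doc_1", organizationId: "org_a", title: "Series A term sheet" },
    { id: "doc_2", organizationId: "org_a", title: "Founder agreement" },
    { id: "doc_3", organizationId: "org_b", title: "SAFE" },
  ]);
}
```

The point of the two layers is that the guard in the repository catches the bug class (a query written without a tenant filter), while the per-request client removes the opportunity to make it: handlers never pass organizationId themselves, so there is nothing to forget or to copy from user input.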
What runs under the hood.
Encryption
TLS 1.3 in transit. AES-256 at rest on Neon PostgreSQL. PII encrypted at the column level with rotating keys. Backups encrypted with the same keys.
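An added example of column-level encryption with key rotation (not the product's code; the key ring, wire format and function names are assumptions for illustration): each value is encrypted with AES-256-GCM, the ciphertext records the key version it was written under, and rotation introduces a new key while keeping the old ones so existing rows still decrypt and can be re-encrypted lazily.

```typescript
import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";

// Added example, not the product's own code. Column values are encrypted with
// AES-256-GCM; every ciphertext records the key version (kid) it was written
// under, so a new key can be introduced and old rows re-encrypted lazily.
// Keys are generated in-process as constructed sample material; in production
// they would come from a KMS or secret manager.

type KeyRing = { current: number; keys: Map<number, Buffer> };

function newKeyRing(): KeyRing {
  return { current: 1, keys: new Map([[1, randomBytes(32)]]) };
}

// Rotation adds a new key and makes it current; old keys stay for decryption.
function rotate(ring: KeyRing): number {
  const kid = ring.current + 1;
  ring.keys.set(kid, randomBytes(32));
  ring.current = kid;
  return kid;
}

// Wire format (assumed): "v<kid>:" + base64(iv || tag || ciphertext). The
// column name is bound as AAD so a ciphertext copied into another column
// fails to authenticate instead of decrypting there.
function encryptColumn(ring: KeyRing, column: string, plaintext: string): string {
  const kid = ring.current;
  const key = ring.keys.get(kid)!;
  const iv = randomBytes(12); // fresh 96-bit nonce per value; never reuse under one key
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(column, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const tag = cipher.getAuthTag();
  return `v${kid}:` + Buffer.concat([iv, tag, ct]).toString("base64");
}

function parseKid(token: string): number {
  const m = /^v(\d+):/.exec(token);
  if (!m) throw new Error("malformed ciphertext");
  return Number(m[1]);
}

function decryptColumn(ring: KeyRing, column: string, token: string): string {
  const kid = parseKid(token);
  const key = ring.keys.get(kid);
  if (!key) throw new Error(`unknown key version v${kid}`);
  const blob = Buffer.from(token.slice(token.indexOf(":") + 1), "base64");
  const iv = blob.subarray(0, 12);
  const tag = blob.subarray(12, 28);
  const ct = blob.subarray(28);
  const decipher = createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(column, "utf8"));
  decipher.setAuthTag(tag);
  // final() throws if the tag, the AAD or any ciphertext byte was altered.
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Lazy rotation: rewrite a value under the current key only if it is stale.
function reencryptIfStale(ring: KeyRing, column: string, token: string): string {
  if (parseKid(token) === ring.current) return token;
  return encryptColumn(ring, column, decryptColumn(ring, column, token));
}
```

Because the key version travels with each ciphertext, a rotation is a two-step operation: first add the new key and start writing with it, then walk old rows with reencryptIfStale; only once no row references the retired version can it be removed from the ring.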
Access control
Role-based permissions (Owner / Admin / Member / Viewer) cached in Upstash Redis. MFA available for all accounts. Session JWTs signed, rotated, and revocable.
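An added example of signed, rotated, revocable session tokens (not the product's code; the key identifiers, claim layout and the in-memory revocation set are assumptions): HS256 JWTs carrying a kid, a rotation step that keeps retired keys for verification only, and a jti revocation check that runs after the signature check. The revocation set here is a plain Set standing in for a shared store; in real process memory a revocation on one instance would not be seen by another.

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "node:crypto";

// Added example, not the product's own code: HS256 session tokens signed under
// a versioned key (the header's kid names it), a rotation step that keeps old
// keys for verification only, and revocation by jti. The revocation set is an
// in-memory Set standing in for a shared store such as Redis (constructed for
// the example); keys are generated in-process as sample material.

type SigningKeys = { current: string; keys: Map<string, Buffer> };
type Claims = { sub: string; org: string; jti: string; iat: number; exp: number };

const b64url = (b: Buffer): string => b.toString("base64url");
const fromB64url = (s: string): Buffer => Buffer.from(s, "base64url");

function newSigningKeys(): SigningKeys {
  return { current: "k1", keys: new Map([["k1", randomBytes(32)]]) };
}

// Rotation: the new key becomes current; the old one stays so live sessions
// verify until they expire. Deleting it from the map invalidates them at once.
function rotateSigningKey(keys: SigningKeys): string {
  const kid = `k${keys.keys.size + 1}`;
  keys.keys.set(kid, randomBytes(32));
  keys.current = kid;
  return kid;
}

function issue(keys: SigningKeys, sub: string, org: string, now: number, ttlSeconds: number): string {
  const claims: Claims = { sub, org, jti: randomBytes(16).toString("hex"), iat: now, exp: now + ttlSeconds };
  const header = b64url(Buffer.from(JSON.stringify({ alg: "HS256", typ: "JWT", kid: keys.current })));
  const payload = b64url(Buffer.from(JSON.stringify(claims)));
  const mac = createHmac("sha256", keys.keys.get(keys.current)!).update(`${header}.${payload}`).digest();
  return `${header}.${payload}.${b64url(mac)}`;
}

function verify(keys: SigningKeys, revoked: Set<string>, token: string, now: number): Claims {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString("utf8"));
  // Allow-list the algorithm; never let the token choose it ("alg": "none").
  if (header.alg !== "HS256") throw new Error("unexpected alg");
  const key = keys.keys.get(header.kid);
  if (!key) throw new Error("unknown kid");
  const expected = createHmac("sha256", key).update(`${h}.${p}`).digest();
  const got = fromB64url(s);
  if (got.length !== expected.length || !timingSafeEqual(got, expected)) throw new Error("bad signature");
  const claims = JSON.parse(fromB64url(p).toString("utf8")) as Claims;
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  // A valid signature is not enough: revocation is server-side state.
  if (revoked.has(claims.jti)) throw new Error("revoked");
  return claims;
}

function revoke(revoked: Set<string>, jti: string): void {
  revoked.add(jti);
}
```

The order of checks matters: signature first, so unauthenticated input never reaches the JSON parser or the revocation store; then expiry; then the jti lookup, which is the only step that needs shared state and therefore the one that must live in Redis rather than in a process.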
Audit logging
Every mutation — create, update, delete — writes an append-only audit log entry with actor, org, timestamp, before/after diff. Available to Admin users in the workspace.
Rate limits & abuse
Login, forgot-password, signup, and contact endpoints are rate-limited with counters stored in Upstash Redis rather than in process memory, so limits persist across serverless cold starts and apply across every instance. CSRF tokens on every mutation. Brute-force detection on authentication.
Disaster recovery
Daily encrypted backups, 30-day retention. Point-in-time restore within the last 7 days. Infrastructure managed across Vercel + Neon + Upstash with documented runbooks.
Breach notification
GDPR-compliant process: incident detected → scoped → affected customers notified within 72 hours, the same window Article 33 of the GDPR sets for notifying the supervisory authority. Notification goes through the platform's documented breach workflow, not a best-effort email.
Standards we align with.
Every GDPR right, self-serve.
No support tickets, no forms, no waiting. Every right is self-serve from your account settings and takes effect on request:
Export
Download everything you've ever uploaded or produced. JSON + PDF, signed and dated.
Rectify
Change any personal data we hold. Updates propagate to exports, snapshots, and audit logs.
Delete
Full account deletion. 30-day soft-delete window, then permanent removal from live systems; copies held in encrypted backups expire with the 30-day backup retention.