Trust & Security

Your Security is Our Priority

ProposalVault is built with security-first principles. We understand you're trusting us with sensitive compliance documentation, and we take that responsibility seriously.

Encryption
Data protection at every layer
  • TLS 1.3 encryption in transit
  • AES-256 encryption at rest
  • Encrypted database backups
Infrastructure
Enterprise-grade hosting
  • Hosted on Vercel & Supabase
  • Built with SOC 2 principles in mind
  • Automatic failover & redundancy
Data Residency
Where your data lives
  • Primary data center in US
  • GDPR-compliant processing
  • No data transfer to unauthorized regions
Access Controls
Who can access your data
  • Role-based access control (RBAC)
  • Row-level security (RLS)
  • Audit logs for all actions
AI & Data Usage
How we use AI responsibly
  • Your data is never used to train AI models
  • AI queries are processed in real-time only
  • Embeddings stored only in your workspace
Data Retention
Your data, your control
  • Delete your data anytime
  • Account deletion removes all data within 30 days
  • Export your data before deletion

Important Disclaimers

Security Limitations

While we implement industry-standard encryption and security measures, no system can be guaranteed to be completely secure. We continuously work to improve our security posture, but users should be aware that all technology systems carry inherent risks.

Engineer Access

Authorized engineers may access user data only when required for debugging, security investigations, or customer support purposes. All such access is restricted to necessary personnel and is logged for audit purposes.

User Responsibility

Users are responsible for reviewing and verifying all AI-generated content and uploaded documents before use. ProposalVault does not verify the accuracy of user-submitted or AI-generated content. Actual results may vary based on the quality and relevance of uploaded source documents.

AI Provider Data Handling

Our AI providers (OpenAI, Groq) process your data only to generate responses and do not retain your data beyond the processing window. Your data is not used to train their AI models.

SOC 2 Compliance Status
Our commitment to security standards

ProposalVault is built with SOC 2 principles in mind. Our infrastructure providers (Vercel, Supabase) maintain SOC 2 Type II certifications. We are actively working toward our own SOC 2 Type II certification.

Current Status: SOC 2 readiness in progress. Our infrastructure and practices align with SOC 2 Trust Service Criteria. Formal certification timeline available upon request.

For security questionnaires or to request our security documentation, please contact security@proposalvault.com

Subprocessors

We use the following third-party services to provide ProposalVault:

ProviderPurposeLocation
VercelApplication hostingUnited States
SupabaseDatabase & authenticationUnited States
OpenAIDocument embeddingsUnited States
GroqAI inferenceUnited States
StripePayment processingUnited States

Incident Response

In the event of a security incident affecting your data, we commit to:

  • Notifying affected customers within 72 hours of confirmed breach
  • Providing detailed information about what data was affected
  • Sharing remediation steps and timeline

Security FAQ

Do you have a SOC 2 report?

We are currently in SOC 2 readiness and working toward Type II certification. Our infrastructure providers (Vercel, Supabase) are SOC 2 Type II certified. Contact us for our current security documentation.

Is my data used to train AI models?

No. Your documents and generated content are never used to train any AI models. Data is processed in real-time for answer generation only.

Can I get a copy of my data?

Yes. You can export your projects, answers, and documents at any time. Contact support for a complete data export.

How do I report a security vulnerability?

Please email security@proposalvault.com with details of the vulnerability. We appreciate responsible disclosure and will respond within 48 hours.

Contact & Support

General Support

Need help with your account, have a question, or want to provide feedback?

support@proposalvault.com

Replies within 1 business day

Security & Compliance

For security questionnaires, vulnerability reports, or compliance documentation:

security@proposalvault.com

Have security questions?

Our team is happy to answer security questionnaires and provide documentation.