Trust Center
The page your procurement / security team will ask for. Everything here is current as of the date stamped at the bottom; we update this page every time something material changes.
Measured quality
Every claim Securie ships is published here with a last-measured timestamp and a link to signed evidence. We list a row here only once it is actually measured — no “pending” placeholders, so every number on this page is real. Snapshot built 2026-05-15 from commit 541afae — 4 measured rows.
Tier 1 — Verifiable claims
Securie ships supply-chain integrity proof per finding + fix (DSSE-signed in-toto v1).
Every fix-PR ships a signed bundle (exploit reproducer + patch diff + sandbox replay log + regression test + DSSE signature). Run `securie verify <url>` to confirm.
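As an added illustration (not Securie's code and not the output of `securie verify`), the Python example below shows the exact bytes a DSSE signature over an in-toto v1 Statement covers, and the binding check to make before trusting a valid signature: that the artifact in hand is a subject of the signed statement. The sample envelope, the `fix.patch` name, the predicate type and the placeholder signature are constructed; verifying the signature over the returned bytes is left to the verification tool.

```python
import base64
import hashlib
import json

PAYLOAD_TYPE = "application/vnd.in-toto+json"
STATEMENT_V1 = "https://in-toto.io/Statement/v1"

def pae(payload_type, payload):
    """DSSE pre-authentication encoding: the exact bytes a signature covers."""
    t = payload_type.encode("utf-8")
    return b"DSSEv1 %d %s %d %s" % (len(t), t, len(payload), payload)

def check_envelope(envelope, artifact):
    """Return the bytes to pass to signature verification, or raise ValueError."""
    if envelope.get("payloadType") != PAYLOAD_TYPE:
        raise ValueError("unexpected payloadType")
    if not envelope.get("signatures"):
        raise ValueError("envelope carries no signatures")
    payload = base64.b64decode(envelope.get("payload", ""), validate=True)
    statement = json.loads(payload)
    if not isinstance(statement, dict) or statement.get("_type") != STATEMENT_V1:
        raise ValueError("not an in-toto v1 Statement")
    want = hashlib.sha256(artifact).hexdigest()
    digests = [s.get("digest", {}).get("sha256") for s in statement.get("subject", [])]
    if want not in digests:
        raise ValueError("artifact is not a subject of this statement")
    return pae(PAYLOAD_TYPE, payload)

def build_sample(artifact):
    """Constructed envelope for this demo; names and signature are placeholders."""
    statement = {
        "_type": STATEMENT_V1,
        "subject": [{"name": "fix.patch",
                     "digest": {"sha256": hashlib.sha256(artifact).hexdigest()}}],
        "predicateType": "https://example.invalid/fix-evidence/v1",  # hypothetical
        "predicate": {},
    }
    return {
        "payloadType": PAYLOAD_TYPE,
        "payload": base64.b64encode(json.dumps(statement).encode()).decode(),
        "signatures": [{"keyid": "constructed", "sig": "cGxhY2Vob2xkZXI="}],
    }

if __name__ == "__main__":
    patch = b"--- a/app.py\n+++ b/app.py\n"  # constructed artifact
    signed_bytes = check_envelope(build_sample(patch), patch)
    print(signed_bytes[:39])
```

A signature that verifies over a statement naming a different digest proves nothing about the patch you were handed, which is why the subject check runs before the signature step.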
Tier 2 — Adversarial + reliability floor
Nightly detector finds reverted Securie fix-PRs and routes finding and customer-reason evidence into the detector feedback corpus.
Tier 3 — Process + third-party
Verifies that Securie runs stock-weight open-source models with no training or fine-tuning pipeline — so customer code cannot enter model weights.
Compliance posture
We claim only what we've completed. The line below is what ships on the marketing surface today.
- SOC 2 Type II — in progress. Engaged with a Big-4-adjacent auditor; observation window opens once we have our first paid Business-tier customer.
- GDPR (EU 2016/679) — compliant. DPA executable on request; SCC 2021 (Modules 2 & 3) for non-adequacy transfers.
- EU AI Act (2026 effective) — model card published, human-oversight docs, risk-management docs in place. Notified-Body conformity assessment scheduled Year 2.
- CCPA / CPRA — compliant; DSAR turnaround under 45 days.
- ISO 27001 / 27017 / 27018, FedRAMP, HIPAA, PCI-DSS, HITRUST — deferred. We do not claim these. Audit windows take wall-clock months; we'll list them here when they complete.
The no-training guarantee
On every tier, free and paid alike: Securie does not use your code as training data. Not for our own models, not via third-party providers, not for product improvement, not for shared corpora.
Enforced technically because Securie has no fine-tuning or model-training pipeline at all (the infrastructure that could have ingested code into a training corpus was removed in its entirety), and procedurally via SOC 2 control sampling and a signed training-data attestation.
Sub-processors
Every third party that touches Customer data. We notify Customer 14 days before adding a new sub-processor — subscribe below and you'll receive that notice automatically. Unsubscribe link on every email; we don't use this list for anything else.
| Sub-processor | Purpose | Region | Data handled | DPA |
|---|---|---|---|---|
| AWS | Primary infrastructure (compute, storage, RDS Postgres) | us-east-1; eu-central-1 for EU-residency tenants | All tenant data in transit + at rest (encrypted) | Link |
| Cloudflare | DNS, WAF, edge cache, DDoS mitigation | Global edge | Request metadata, TLS termination | Link |
| Vercel | Hosting for the marketing site + dashboard frontend | Global edge (no customer code stored) | Account session cookies, request logs | Link |
| Stripe | Payment processing for paid-tier subscriptions | US + EU (Stripe routes per merchant location) | Billing email, payment method (PCI-scoped to Stripe) | Link |
| Resend | Transactional email (login, audit notifications, finding alerts) | US (us-east-1) | Recipient email + email body | Link |
| OpenRouter | Primary LLM-inference router for ~95% of specialist calls (GLM-5.1, Hermes 4 405B — both MIT-licensed open weights) | Provider-routed (varies per model) | Sanitized diff hunks at scan time. Secrets redacted before send. Not retained by Securie. OpenRouter retention per their TOS. | Link |
| Anthropic | Last-resort frontier escalation for paid self-serve (Claude Sonnet 4.6) — <5% of specialist traffic, hard-blocked for Enterprise contracts | US | Sanitized diff hunks for the <5% of paid self-serve cases that hit frontier escalation. Free has no frontier escalation; Enterprise contracts can run no-frontier. | Link |
| Google AI | Gemini Flash-Lite as secret-scan fallback only | US (multi-region) | Sanitized diff hunks; secret-scan chain only | Link |
| GitHub | OAuth identity provider + GitHub App scan target | US | OAuth identity (subject + email), repository content (read-only) | Link |
| Sentry | Application error monitoring | US (us-east-1) | Stack traces + error context (no customer code) | Link |
Encryption & data handling
- Encryption in transit: TLS 1.3 minimum on every ingress. HSTS preload-listed; no plaintext fallback.
- Encryption at rest: AES-256 on every Postgres volume + every artifact bucket. At the Enterprise tier, keys held at the sub-processor (AWS) are customer-managed via KMS.
- Tenant isolation: Postgres Row-Level Security on every tenant-scoped table (25 of 51 migrations enable RLS). Application layer adds a defence-in-depth tenant_id filter on every query.
- Secret sanitization before LLM calls: AWS keys, Stripe / GitHub / OpenAI / Anthropic tokens, JWTs, RSA private keys, Postgres URLs all redacted before any prompt is built.
- Attestation chain: every finding + fix + dismissal signs a DSSE / in-toto v1 envelope you can verify with stock cosign tooling without calling Securie.
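The secret-sanitization step in the list above, as an added Python example (not Securie's redactor): regex rules for the listed secret types applied to a diff hunk before it goes into a prompt, including a private-key block whose END line was cut off by the hunk boundary. The patterns follow publicly documented token shapes with assumed minimum lengths, and the sample hunk is constructed.

```python
import re

# Order matters: the Anthropic prefix must be tried before the generic sk- rule.
RULES = [
    # Redact to end of text when a hunk boundary cut off the END line.
    ("PRIVATE_KEY", re.compile(
        r"-----BEGIN (?:RSA )?PRIVATE KEY-----.*?"
        r"(?:-----END (?:RSA )?PRIVATE KEY-----|\Z)", re.S)),
    ("JWT", re.compile(r"\beyJ[\w-]+\.eyJ[\w-]+\.[\w-]+")),
    ("POSTGRES_URL", re.compile(r"\bpostgres(?:ql)?://[^\s'\"]+")),
    ("AWS_KEY_ID", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("GITHUB_TOKEN", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
    ("STRIPE_KEY", re.compile(r"\b[sr]k_(?:live|test)_[A-Za-z0-9]{16,}\b")),
    ("ANTHROPIC_KEY", re.compile(r"\bsk-ant-[\w-]{20,}")),
    ("OPENAI_KEY", re.compile(r"\bsk-[\w-]{20,}")),
]

def redact(text):
    """Return (sanitized_text, {label: hit_count}) for audit logging."""
    counts = {}
    for label, pattern in RULES:
        text, n = pattern.subn("[REDACTED:%s]" % label, text)
        if n:
            counts[label] = n
    return text, counts

# Constructed diff hunk; every value is fake and built to match a token shape.
SAMPLE_HUNK = "\n".join([
    "@@ -1,3 +1,6 @@",
    "+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    '+DATABASE_URL="postgres://app:hunter2@db.internal:5432/prod"',
    "+GITHUB_TOKEN=ghp_" + "a" * 36,
    "+ANTHROPIC_API_KEY=sk-ant-" + "b" * 24,
    "+-----BEGIN RSA PRIVATE KEY-----",
    "+MIIBOgIBAAJBAK (constructed; hunk ends before the END line)",
])

if __name__ == "__main__":
    clean, hits = redact(SAMPLE_HUNK)
    print(clean)
    print(hits)
```

Pattern-based redaction only catches secrets with a recognisable shape, so the hit counts are worth logging per scan to spot rules that never fire.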
Data residency
Default: US (AWS us-east-1). EU-residency available at Private Pro tier and above (eu-central-1). The Enterprise tier deploys on-premises in your network — code never leaves your perimeter because you own the host and hold the keys.
AI inference & data handling
Specialist inference is OSS-first: MIT-licensed open weights (GLM-5.1 via OpenRouter, Hermes 4 405B via OpenRouter, Foundation-Sec-8B self-hosted) handle the ordinary path. Free has no frontier escalation. Paid self-serve frontier escalation (Claude Sonnet 4.6) is bounded to <5% of specialist traffic and hard-blocked for Enterprise contracts via TenantOverrides::ENTERPRISE.
Three inference paths. Tenants pick the path their data-handling posture requires:
- Standard (Free → Team): Securie-orchestrated zero-retention endpoints, MIT-OSS-first weights, bounded frontier escalation for the hardest 5%. Customer code reaches third-party providers under operator-asserted zero-data-retention contracts.
- Private Inference (Business+): customer code reaches ONLY Securie-operated infrastructure. No third-party AI provider in the path; the router fails closed at the boundary instead of falling through to OpenAI / Anthropic / OpenRouter / Google for any specialist call, adjudicator call, or fix-loop call. Enforced at every entry to `Router::complete()` via the DB-backed inference-path resolver — not as an opt-in per call.
- Sovereign (Enterprise): the model stack runs on-premises in your network. No inference traffic leaves your perimeter because you own the host and hold the keys.
Universal floor (every tier): zero data retention on every third-party provider account (operator-asserted at boot via SECURIE_ZDR_ASSERTED), TLS 1.3 on every hop, secret redaction before any prompt is built, minimal-context (no spec-doc bulk leak), and "no training on customer code" in every provider contract.
Incident response
- Detection: Sentry + log-based alerts on auth anomalies, tenant-isolation violations, model-call failures.
- Notification: Customer notified without undue delay (target: 24 hours) of any confirmed Personal Data breach affecting their data.
- Disclosure: public security disclosures land at /legal/responsible-disclosure; PGP key in /.well-known/security.txt.
Your rights (GDPR / CCPA)
Access, correct, export, or delete your data via dsar@securie.ai (replies within 30 days under GDPR Art. 15–17, 45 days under CCPA §1798.130). Account-level export and deletion via the Server Action surfaces ship on the dashboard's settings page.
Last reviewed: 2026-05-06. Material changes notified 30 days in advance to account owners; non-material edits dated-versioned here. Questions: trust@securie.ai.