Security & Privacy

Measuring trust requires safety.

TLS-protected transit, encrypted storage, and privacy-first reporting designed for candid reflection.

Encrypted in transit + at rest
Role-based access controls
Privacy by design

Infrastructure

Built for enterprise security.

Every layer designed to protect sensitive leadership reflections.

Reflection anonymisation

Colleague reflections are stripped of identifiers before aggregation. No individual sources exposed.

AES-256 encryption

Data encrypted at rest and in transit with TLS.

Role-based access

Granular permissions. Leaders see aggregate data only.

Data residency options

Enterprise deployments can discuss region and dedicated environment requirements.

Privacy & compliance

DPA available. GDPR-aligned data handling. Hosted on SOC 2 Type II-certified infrastructure.

SSO & SAML

Enterprise SSO and SAML options.

Privacy principles

Four “No's” that matter.

What we deliberately don't do to preserve psychological safety.

No individual tracking

We aggregate reflections into patterns. No "who said what" logs.

No HR backdoors

Organisations see trends, not individual reflections or scores.

No surveillance posture

Smart prompts never reveal sources. Outliers are dampened.

Limited processor access

Access is limited to the infrastructure and AI providers needed to run the service under controlled policies.

Compliance

Enterprise-ready compliance.

Built for enterprise security reviews and privacy-sensitive rollouts.

Hosted on SOC 2 Type II-certified infrastructure

Supabase-managed hosting

GDPR-ready data handling

Access, correction, and deletion support

Enterprise SSO

SAML-compatible setup

Private environment options

Discuss dedicated setup needs with our team

DPA ready

Custom agreements

Enterprise security controls

RLS, access control, and privacy-first architecture

Enterprise features require an Enterprise rollout. Contact sales for custom security requirements, pen testing, and compliance documentation.

Enterprise-grade infrastructure. Privacy-first architecture.