Trust Center

Every claim here is traceable to code.

Security posture, data retention, sub-processors, and incident response. Forward-looking items say so. Nothing on this page is aspirational copy.

Data flow

Processed in Canada. Not stored.

Your text travels over TLS to the detection API (Fly.io, Toronto), is scored by Microsoft Azure OpenAI in a Canadian region, and the block/allow decision comes back. On that path the prompt is not written to any database. What we do keep, and for how long, is the table below, and each row is enforced in code or config.

Data classWhat it isKept for
Prompt text in flightThe text being scoredNot persisted. Scored, then discarded.
Session entity codesEntity category codes for cross-message detection ("an email was seen"), never values (DB constraint + CI test)24 hours
Redaction mapsOriginal values mapped to tokens, only when you use tokenize/restore30 days, plus on-demand DSAR deletion
Incident capturesRaw prompt text, only if your team opts in. Encrypted (server-side key or client-side zero-knowledge).Content cleared at 90 days, row at 365
Audit metadataEntity-type codes, platform, was-blocked. Never raw PII.365 days
Usage meteringPer-key request counts for billing. No prompt content.Retained for billing
Operational logsNo prompt or reply text, only lengths, hashes, countsProvider log window
BackupsRolling database snapshots5-day rolling window

Erasure on request: a data-subject erasure hard-deletes audit and incident rows and cascades to the detection API to delete redaction maps immediately rather than waiting out the 30-day TTL. If any step fails, the erasure is reported as failed, never as complete.

Security posture

How it is built.

The decision is server-side

The browser extension is a thin client that cannot override or weaken a block decision. Detection, scoring, and policy all run in the API.

Prompts are not persisted

On the detection path, text is sent to the detector, scored, and discarded. It is not written to a database. Session memory stores entity category codes only, enforced by a database constraint and a CI test.

Nothing sensitive in logs

No prompt or reply text is ever logged. Unreadable detector replies are logged as a length and a hash prefix, never content. Retention sweeps and erasures log counts only.

Encrypted in transit and at rest

TLS everywhere, including the database connection. Provider disk encryption at rest on Fly.io and Azure. Opt-in incident content gets application-layer encryption on top (server-side key, or client-side zero-knowledge where we never hold the key). Application-layer encryption of redaction maps is in progress and stated as roadmap, not claimed as shipped.

Fail-safe by design

An unreadable detector reply fails closed (blocks). An upstream outage returns HTTP 503 within seconds instead of hanging or silently allowing.

Access is one person, disclosed

PII Shield is operated by a single person with MFA on every production account (GitHub, Fly, Azure, Clerk, Stripe), secrets held only in provider secret stores, and no customer PII touched in operations outside the audited DSAR path. We disclose the bus factor rather than hide it; wind-down terms are in the incident-response doc.

Sub-processors

Who else touches data.

We notify customers before adding a sub-processor that touches their data. The AI sub-processor sees prompt text to score it; nobody stores it on the detection path, and per Microsoft's Azure OpenAI terms prompts are not used to train foundation models.

Microsoft Azure OpenAI

Canadian region

AI detection engine. Prompt text in transit for the scoring call; not retained by us.

DPA / terms

Fly.io

Toronto (yyz); US entity under DPA + SCCs

Application + database hosting. Data at rest (Postgres) and the runtime.

DPA / terms

Clerk

US

Dashboard authentication. Dashboard user identity (email, auth), not prompt data.

DPA / terms

Stripe

US / global

Billing / payments. Billing contact and payment data (Stripe-held), not prompt data.

DPA / terms

Resend

US

Transactional email. Recipient email address and message content we send.

DPA / terms
Incident response

The 72-hour commitment.

On confirming a personal-data breach that affects customer data, we notify affected customers without undue delay and within 72 hours of confirmation, with the nature of the breach, the data classes involved, the likely consequences, and the mitigation taken.

This aligns with PIPEDA breach-of-security-safeguards obligations and the GDPR Article 33 standard. Because prompts are not stored and session data is metadata-only, the blast radius of most incident classes is structurally limited, and investigations use metadata (counts, hashes, timestamps), not your content.

Certifications

The honest SOC 2 answer.

No, and at this price we will not pretend to. Here is our security overview, sub-processor list, data-flow, and DPA. SOC 2 is on the roadmap once revenue supports the audit cost. If SOC 2 is a hard requirement today, we are not your vendor yet.

A completed CAIQ-Lite self-assessment (the industry-standard middle ground) and a pre-answered security questionnaire are available on request, alongside the full trust pack and our DPA.

Want the full pack?

Security overview, retention tables, sub-processor DPAs, incident-response plan, CAIQ-Lite, and the DPA template. We send it as-is, no NDA required.

Request the trust pack