Trust Center
Security, privacy, and compliance are foundational to DataRoom Snap. Here's how we protect your data.
Security Overview
Data Encryption
- AES-256 encryption at rest via Supabase (PostgreSQL)
- TLS 1.3 encryption in transit for all connections
- Encrypted file storage for uploaded documents
Access Control
- Role-based access control (Admin, Analyst, Viewer)
- 18 granular permissions per role
- SSO/SAML support (Okta, Azure AD, Ping Identity)
- IP allowlisting per organization
Data Isolation
- Row-Level Security (RLS) on all database tables
- Organization-scoped data — no cross-tenant access
- Separate storage buckets per organization
Audit & Compliance
- Immutable, hash-chained audit trail for every action
- 7-year audit log retention for regulatory & forensic needs
- GDPR Articles 15–22 self-service in /settings (export, delete, opt-out)
- Per-category cookie consent banner with auditable consent log
- SOC 2 Type II readiness pack available on request
AI & Data Privacy
- Documents analyzed via Anthropic Claude API
- Your data is NEVER used to train AI models (per Anthropic’s API Terms)
- Analysis results stored in your org’s isolated database
- No third-party data sharing
Infrastructure
- Hosted on Vercel (Edge Network, 99.99% uptime SLA)
- Database on Supabase (AWS us-east-1)
- EU data residency available on Enterprise plan
- Automated backups with point-in-time recovery
Compliance
- SOC 2 Type II: Readiness pack ready
- GDPR: Aligned
- CCPA: Aligned
- Anthropic API: No-train partner
Sub-processors
Vendors that process customer data on our behalf. Each is engaged under a DPA with confidentiality and breach-notification clauses.
| Vendor | Purpose | Location |
|---|---|---|
| Vercel | Application hosting & edge network | USA / global |
| Supabase | Postgres database, auth, object storage | AWS us-east-1 (EU available) |
| Cloudflare | DNS and edge proxy | USA / global |
| Anthropic | Claude API for document analysis (no training on inputs) | USA |
| Stripe | Payments & subscription billing | USA |
| Resend | Transactional email | USA |
| Sentry | Error monitoring (PII-scrubbed) | USA / EU |
| PostHog | Product analytics (no document content) | USA / EU |
| WorkOS | SSO & SCIM (Enterprise only) | USA |
Material changes are communicated to Enterprise customers at least 30 days in advance.
Vulnerability disclosure
Found a security issue? Email security@dataroomsnap.com with reproduction steps. We acknowledge within 1 business day and aim to triage within 5 business days. Coordinated disclosure is appreciated; we do not pursue legal action against good-faith researchers.
Security Practices
- Penetration testing (annual)
- Dependency vulnerability scanning (automated)
- Least-privilege access for all team members
- Incident response plan with 24-hour notification SLA
- Background checks for all employees with data access