Trust Center
How Enclave System handles your engineering data: our data-protection principles, the sub-processors we rely on, and an honest account of where AI processing happens.
Data-Handling Principles
No Model Training on Your Data
We use commercial AI APIs whose contractual terms prohibit using your prompts or outputs to train their models. Your engineering content is never added to a training set.
Encryption in Transit & at Rest
All traffic is protected with TLS. Extracted document text retained for audit support is encrypted with AES-256-GCM. Source files are never stored.
Metadata-Only Document Handling
Uploaded source files are processed and discarded — only metadata and an encrypted text excerpt for audit review are retained, never the original file.
Bring Your Own Database (BYODB)
Enterprise customers can host all persistent data in their own Supabase database, keeping long-term storage entirely under their physical control.
Human-in-the-Loop by Design
AI output is strictly advisory. Every safety classification requires a qualified human auditor to approve and cryptographically sign it; self-approval is blocked at SIL 3 and SIL 4.
Commercial API Tiers Only
We connect exclusively to paid commercial API tiers of our AI providers, which carry stronger data-protection commitments than free consumer tiers.
Sub-Processors
Enclave System uses the following third-party sub-processors. Each operates under its own data-processing agreement, linked below. We update this list as our infrastructure evolves.
| Sub-Processor | Purpose | Terms |
|---|---|---|
| Anthropic (Claude API) | AI Smart Classification (fallback model) for safety document analysis. | View policy |
| Google (Gemini API) | AI Smart Classification (primary model) for safety document analysis. | View policy |
| Supabase | Authentication, database hosting and row-level security. | View policy |
| Vercel | Application hosting and serverless compute. | View policy |
| Resend | Transactional email delivery (account and notification emails). | View policy |
| Cloudflare (Turnstile) | Bot protection and abuse prevention (Turnstile). | View policy |
Where AI Processing Happens — Full Transparency
Full transparency on retention: Enclave System currently uses the standard paid commercial API tiers of Anthropic and Google. Under these tiers your data is not used to train their models, but this is not Zero Data Retention (ZDR): the providers may retain inputs and outputs for a limited period (for example, up to 30 days) for security and abuse monitoring before deletion. ZDR and guaranteed regional (e.g. EU) processing require enterprise-level agreements and may be further restricted for certain advanced models under applicable safety regulations. Customers needing ZDR or region-pinned processing should contact us to discuss an Enterprise deployment.
Questions?
For data-protection, GDPR, DPA or sub-processor inquiries, contact our compliance team at legal@enclavesystem.com