Trust
Security
How Aktara handles your data. Honest about what we do today, time-bounded about what’s in progress.
Compliance
SOC 2 Type I — in progress
We’re pursuing SOC 2 Type I certification, target Q3 2026. Until certification is complete, we don’t claim it. Contact security@aktara.ai for our current audit posture or to request our security questionnaire.
Data handling
Encryption in transit
All traffic between your browser, our infrastructure, and third-party services (Neon, Anthropic, Stripe, Resend) is protected by TLS 1.2+.
Encryption at rest
Your simulation data, outcomes, and business profile are stored in Neon (serverless Postgres). Neon encrypts all data at rest using AES-256.
AI provider terms
Inference runs through Anthropic’s API. Per Anthropic’s commercial terms, your prompts and completions are not used for model training.
Data retention
Simulations and outcomes are retained as long as your workspace exists. Delete your workspace to remove all associated data — honored within 30 days.
Subprocessors
Neon (database), Vercel (hosting), Anthropic (AI inference), Stripe (billing), Resend (email), Upstash (rate limiting). Full list on request.
Vulnerability disclosure
Found a security issue? Email security@aktara.ai with a proof of concept. We respond within 48 hours and won’t pursue legal action against good-faith research.
Out of scope: social engineering, DDoS, physical attacks, third-party services we don’t control.