← Back to DocSentinel

Security & Compliance

DocSentinel is built on enterprise-grade infrastructure with security at its core.

Infrastructure Security

Our architecture leverages Google Cloud Platform and Supabase to provide bank-level security while maintaining data residency.

Layer	Provider	Certifications
Compute	Google Cloud Run	SOC 2, ISO 27001
Database	Supabase	SOC 2 Type II, HIPAA
Storage	Cloud Storage	SOC 2, ISO 27001
AI	Vertex AI	SOC 2, ISO 27001

Data Residency: All customer data is stored and processed exclusively within the EEA (Belgium, Germany).

Data Protection

• Encryption in Transit: TLS 1.3 enforced on all connections.
• Encryption at Rest: AES-256 for database and file storage.
• Isolation: Multi-tenant isolation using Row-Level Security (RLS).
• Audit Logs: Comprehensive audit trail of all data access.

GDPR Compliance

We are fully committed to GDPR compliance:

• Privacy by Design: Security is built into our core architecture.
• Data Minimization: Only essential data is retained.
• Breach Notification: Incident response procedures are in place for 72-hour notification.
• Data Rights: Full support for data access and deletion requests.

Incident Response

We maintain a documented incident response plan regarding detection, containment, notification, recovery, and post-incident analysis.

Compliance Roadmap

We are transparent about our journey to certification:

Milestone	Target Date	Status
GDPR Compliance (DPA available)	Q1 2026	✅ Complete
SOC 2 Type I Audit	Q3 2026	In Progress
ISO 27001 Certification	Q4 2026	Planned

For security inquiries or to request a detailed security questionnaire, contact security@docsentinel.io.