Security

Your organizational data is sensitive. We treat its protection as our highest priority.

Encryption

All data is encrypted at rest using AES-256, the same standard used by financial institutions and government agencies. Data in transit is protected by TLS 1.3, ensuring secure communication between your browser and our servers.

Infrastructure

ChartGap is hosted on AWS infrastructure with multi-region redundancy. Our database runs on Supabase with automated backups, point-in-time recovery, and strict network isolation. We maintain a 99.9% uptime SLA for all paid plans.

Compliance

We are working toward SOC 2 Type II certification and are GDPR compliant. Our data processing practices align with enterprise security requirements. We conduct regular security audits and vulnerability assessments to maintain the highest standards.

Access Controls

Authentication is handled through Supabase Auth with support for email/password and magic link sign-in. All API requests are authenticated and authorized through Row-Level Security policies, ensuring users can only access their own organizational data.

AI Data Handling

When you use ChartGap's AI features, your organizational data is sent to Anthropic's Claude API for processing. This data is used solely to generate your analysis results and is not stored by Anthropic or used to train AI models. All AI API calls are made over encrypted connections.

Responsible Disclosure

If you discover a security vulnerability in ChartGap, we encourage responsible disclosure. Please contact us at security@chartgap.com with details, and we will respond within 48 hours.