Trust
How we protect your data
Your data is yours. We process it to deliver results, then we let it go. No persistent storage, no training on your inputs, no surprises.
No file storage
Files you upload are read into memory, processed, and discarded. We never write your documents to disk or store them in a database. Once your analysis or report is generated, the source data is gone.
Encryption in transit
Every connection to Insolla uses TLS (HTTPS). Data moving between your browser, our servers, and third-party APIs is encrypted end-to-end. We enforce HSTS and modern cipher suites.
Authentication
User accounts are managed by Clerk, an enterprise-grade auth provider. Passwords are never stored on our servers. Clerk supports MFA, social login, and session management with automatic token rotation.
Payment security
All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We never see, store, or have access to your full card number. Stripe handles billing, invoicing, and subscription management.
AI processing
Our tools use Anthropic's Claude API to analyze your data. Anthropic does not use API inputs to train models. Your data is processed and discarded per their enterprise data policy. We do not send identifiable metadata with API calls.
Infrastructure
Insolla is hosted on Vercel's edge network with automatic DDoS protection and global CDN. Our database runs on Supabase with row-level security policies. All infrastructure providers maintain SOC 2 compliance.
Security headers
| Header | Value | Purpose |
|---|---|---|
| X-Content-Type-Options | nosniff | Prevents MIME type sniffing attacks |
| X-Frame-Options | SAMEORIGIN | Blocks clickjacking via iframes |
| Referrer-Policy | strict-origin-when-cross-origin | Limits data shared in referrer headers |
| Permissions-Policy | camera=(), microphone=(), geolocation=() | Disables access to sensitive browser APIs |
Third-party providers
We use a small set of trusted, enterprise-grade providers. Each maintains their own security certifications and data handling policies.
Anthropic (Claude API)
AI analysis and generation
Does not train on API inputs
Stripe
Payment processing
PCI DSS Level 1 certified
Clerk
Authentication and identity
SOC 2 Type II certified
Vercel
Hosting and edge network
SOC 2 Type II certified
Supabase
Database and storage
SOC 2 Type II certified
Resend
Transactional email
GDPR compliant
Questions about security?
If you have questions about how we handle data, need documentation for your compliance team, or want to discuss specific requirements for your organization, reach out directly.
Info@Insolla.aiAlso see our Privacy Policy and Terms of Service