Security

Last updated: February 22, 2026

GetDemand.ai is built with security at every layer. Your sales data, customer information, and business intelligence are protected by enterprise-grade security controls and privacy-first operating practices.

Encryption

  • β€’TLS 1.3 encryption for all data in transit
  • β€’AES-256 encryption for data at rest
  • β€’Encrypted database backups stored in geographically separate regions

Infrastructure

  • β€’Hosted on Vercel (provider publishes security attestations, including SOC reports)
  • β€’Database on Supabase (provider security controls plus row-level security support)
  • β€’All infrastructure runs on AWS with ISO 27001 certification
  • β€’Automatic failover and redundancy across availability zones

Access Control

  • β€’Role-based access control (RBAC) for team members
  • β€’Tenant-level data isolation β€” your data is never accessible to other accounts
  • β€’Session management with automatic timeout and single-session enforcement
  • β€’OAuth 2.0 and email/password authentication via Supabase Auth

Monitoring & Audit

  • β€’Real-time monitoring of platform health and security events
  • β€’Audit logs for account access and data changes
  • β€’Automated alerting for anomalous access patterns
  • β€’Regular dependency scanning for known vulnerabilities

Compliance

  • β€’SOC 2-aligned security practices and controls
  • β€’GDPR-ready privacy workflows and data processing terms support
  • β€’HIPAA-ready safeguards for protected health information use cases (see HIPAA page)
  • β€’Standard Contractual Clauses (SCCs) available/used where applicable for cross-border transfers

Incident Response

  • β€’Documented incident response plan with defined escalation procedures
  • β€’Target notification timelines based on applicable law and contract obligations (including GDPR timelines where applicable)
  • β€’Post-incident review and remediation for every security event
  • β€’Regular tabletop exercises to test response procedures

AI Data Processing

  • β€’AI agent processing uses OpenAI and Anthropic APIs with data processing agreements in place.
  • β€’Your data is not used to train third-party AI models. Both providers offer zero data retention for API usage.
  • β€’AI-generated content (emails, quotes, research) is stored in your account and is not shared across tenants.

Third-Party Subprocessors

ProviderPurposeLocation
VercelApplication hosting and CDNUnited States
SupabaseDatabase, authentication, storageUnited States
StripePayment processingUnited States
ResendTransactional email deliveryUnited States
OpenAIAI agent processingUnited States
AnthropicAI agent processingUnited States

Vulnerability Reporting

If you discover a security vulnerability, please report it responsibly:

  • β€’Email: security@getdemand.ai
  • β€’Include a description of the vulnerability, steps to reproduce, and potential impact.
  • β€’We will acknowledge receipt within 48 hours and provide a remediation timeline.
  • β€’Please do not publicly disclose the vulnerability until we have addressed it.