Trust Center
Trust & Security
How DBA Check handles security, privacy, and legal transparency.
Last updated: February 18, 2026
Security model
- All API keys stay server-side and are never exposed in the browser.
- Company-level isolation is enforced with Supabase RLS policies.
- Rate limiting and audit logging are enabled on critical routes.
- Data in transit uses TLS and storage is encrypted by infrastructure providers.
Privacy & retention
- Extracted contract text is automatically deleted after 30 days.
- Only metadata and scoring results are retained for reporting and trend analysis.
- You can export data (CSV) and permanently delete your account from Settings.
- PII is sanitized before AI analysis where possible.
Key subprocessors
These providers process data on behalf of DBA Check.
| Provider | Purpose | Region |
|---|---|---|
| Supabase | Authentication, PostgreSQL data, file storage | EU |
| Vercel | Application hosting and edge delivery | EU/Global |
| Anthropic | AI contract analysis | US/EU endpoints |
| Stripe | Billing and subscription processing | Global |
| Resend | Transactional emails (reports, invites) | EU/US |
| Upstash | Rate limiting and cache | EU/Global |
Incident response
1. Detection and triage are initiated as soon as a potential incident is identified.
2. Access is contained and affected systems are isolated where necessary.
3. Root cause analysis and remediation are performed with full audit logging.
4. If required, customers are notified with scope, impact, and recovery actions.