TraitTune, Inc. builds a privacy-preserving layer between people and AI, so the data we hold is among the most sensitive a company can process — and we protect it accordingly. End-user content is encrypted at rest with AES-256-GCM under AWS KMS key policies that deny decryption to every human principal; only the application can read it. Every user table is isolated with row-level security, all traffic is TLS-encrypted, and our email domain enforces DMARC p=reject.
We are transparent about status: our SOC 2 program is in progress (Type I targeted, then Type II) and our controls are aligned with ISO/IEC 27001 — we do not claim certifications we have not yet earned. Our GDPR and CCPA data-rights machinery (export, deletion with irreversible anonymization, no sale of personal data) is live today. AI features run on enterprise foundation models inside our own AWS environment; user content is never sent to third-party AI vendors and never used to train third-party models.
This Trust Center gives your procurement and security teams what they need in one place: our current framework status, published policies, subprocessor list, a Security & Privacy Whitepaper, and a ready-to-execute Data Processing Agreement. For a security questionnaire or anything not covered here, contact security@traittune.com.