Trust & security

Security at CrossCompliance AI

CrossCompliance AI is built with enterprise-grade security from day one.

Security Overview

Our architecture prioritizes data isolation, secure-by-default infrastructure, and controlled access paths for every compliance artifact processed in the platform.

Data Protection

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Supabase with Row Level Security on all core tables.
  • No training on customer data — ever.
  • Data retained for 90 days after account deletion, then purged.

Access Control

  • Email + password auth with bcrypt hashing.
  • Rate limiting on all endpoints.
  • Brute-force lockout after 5 failed attempts.
  • HttpOnly + Secure session cookies.

Compliance Roadmap

  • SOC 2 Type I — In progress (target Q3 2026).
  • HIPAA BAA — Available for Enterprise tier.
  • GDPR — Data processing compliant.

Vulnerability Disclosure

Report security issues to security@crosscomplianceai.com.

Subprocessors

  • Supabase
  • Anthropic
  • Stripe
  • Vercel
  • Resend
  • Cloudflare
Last updated: April 2026