Security at Exeechain

Last updated: April 16, 2026

We treat your customer data the way we'd want our own customer data treated. This page describes the controls we have in place today and our compliance roadmap.

Encryption

  • In transit: TLS 1.2+ on every connection. HSTS enabled. No mixed content.
  • At rest: AES-256 on database volumes (provided by Supabase / Vercel Postgres).
  • Application secrets: Stored in Vercel encrypted env vars, never committed to source control.

Access controls

  • Workspace data is strictly tenant-isolated at the database query layer. Every query filters by workspaceId.
  • Production database access is limited to two engineers, behind hardware-key 2FA.
  • All admin actions on customer accounts are written to an immutable audit log (Settings → Audit Log).
  • Principle of least privilege for all third-party integrations (read-only API keys wherever possible).

Authentication

  • User authentication is handled by Clerk, a SOC 2 Type II compliant identity provider.
  • Password requirements: 12+ characters, breached-password detection enabled.
  • 2FA available on all paid plans. SSO / SAML on Enterprise.

Infrastructure

  • Hosting: Vercel (US-East primary, EU-West secondary on Enterprise).
  • Database: Supabase Postgres with point-in-time recovery (7 days standard, 30 days on Enterprise).
  • Backups: Daily automated, encrypted, restorable.
  • DDoS: Cloudflare in front of every public endpoint.

Compliance

  • GDPR: Compliant. Data Processing Addendum available on request — email legal@exeechain.com.
  • CCPA: Compliant.
  • SOC 2 Type II: Audit in progress (target Q3 2026). Type I report available on request to enterprise customers.
  • HIPAA: Not currently. Do not upload PHI.

Vulnerability disclosure

Found a vulnerability? Email security@exeechain.com. We'll acknowledge within 24 hours and triage within 72. We do not currently offer a paid bounty, but we credit researchers in our public Hall of Fame and respond fast.

Incident response

Security incidents are classified Critical / High / Medium / Low and handled per our internal runbook. Customers affected by any incident rated High or Critical are notified by email within 72 hours per GDPR Article 33, with a post-mortem published within 7 days.

Reporting and audits

Enterprise customers can request: SOC 2 Type I report (NDA required), penetration test summary, recent SBOM, security questionnaire response (CAIQ format). Email security@exeechain.com.

What you can do

  • Enable 2FA on your account.
  • Use SSO if you're on Enterprise.
  • Review your team's seats regularly (Settings → Team).
  • Rotate your API key if you suspect compromise (Settings → API Keys).

Questions about this policy? Email legal@exeechain.com.