Security & Data Privacy
Your campaigns, guidelines, and legal documents are sensitive. Here is exactly how CulturalLens protects them.
Data encryption
All data is encrypted with TLS 1.2+ in transit and AES-256 at rest on Supabase infrastructure. Encryption is on by default for every account — there is nothing to configure.
Data isolation
Row-level security is enforced at the database layer, not the application layer. Every query is scoped to your company — your projects, documents, and reports are access-restricted by row-level security and not exposed through application logic.
Private storage
All uploaded files live in private Supabase Storage buckets. Nothing is publicly addressable — access happens through signed URLs that expire after 5 minutes.
AI processing
Your files are sent to the Anthropic API for analysis. We do not use your uploaded content to train AI models. See our Privacy Policy for details on subprocessor agreements.
Data retention
Uploaded files are stored for the duration of your active subscription and are accessible to your team for report review. Analysis results and reports are retained for your account history. You can delete individual files, projects, or your entire account at any time from account settings.
No training guarantee
We do not use your uploaded content or analysis results to train AI models. This is governed by our agreements with AI subprocessors. See our Privacy Policy for the complete list of subprocessors and their data handling commitments.
Compliance roadmap
SOC 2 Type II certification is planned for Q4 2026. Enterprise customers can request our current security documentation and data processing details ahead of certification.
AI subprocessors
The following third-party AI services process your content as part of the CulturalLens analysis pipeline. None of these subprocessors use your content for model training under our agreements.
Security concerns?
Contact our security team at security@culturallens.com