Encryption
- TLS 1.2+ in transit
- Managed database encryption at rest
- Encrypted backups and object storage
Security & Trust Centre
Security is a product requirement in Hoopoe, not a final deployment task. Review how we approach isolation, encryption, auditability, AI governance, and recovery.
Current Controls
Roadmap Controls
Data processing
Hoopoe collects only what is needed, scopes prompts and outputs to a workspace, and does not use customer content to train external models without explicit opt-in. Retention is configurable for enterprise workspaces.
| Provider | Purpose | Data |
|---|---|---|
| Supabase | Database, auth, storage | Customer data |
| OpenAI | AI generation | Content prompts and outputs |
| Stripe | Payment processing | Billing data |
| Hosting platform | Application hosting | Application data |
Active subscription data is retained while the workspace is active. Export, correction, deletion, and objection workflows follow GDPR-aligned handling.
Detection, triage, containment, communication, eradication, recovery, and lessons learned are tracked through a formal process.
Automated backups, restoration tests, recovery objectives, and disaster recovery exercises are part of the operating model.
| Framework | Status | Target |
|---|---|---|
| GDPR | Aligned | Current |
| CCPA | Aligned | Current |
| SOC 2 Type II | Planned | Q4 2026 |
| ISO 27001 | Planned | 2027 |
| HIPAA | Not planned | - |
Request architecture notes, subprocessor details, controls, recovery targets, and the current compliance roadmap.
Contact security