Your compliance data, protected
We take security seriously. AuditDraft is built with enterprise-grade security practices to protect your sensitive compliance documentation.
Encryption
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Encrypted database backups
- Secure key management
Authentication
- Google OAuth 2.0 integration
- Secure session management
- Role-based access control (Viewer, Editor, Admin)
- API key authentication with scoping
Infrastructure
- Hosted on Vercel's edge network (SOC 2 Type II)
- Convex database with automatic backups
- DDoS protection via Cloudflare
- Automated vulnerability scanning
Audit & Monitoring
- SHA-256 hash chain audit trail
- Immutable audit logs for all actions
- Real-time anomaly detection
- Activity logging with user attribution
Compliance
- GDPR-compliant data processing
- Data Processing Agreements available
- Right to data portability (export all data)
- Right to erasure (account deletion)
Application Security
- OWASP Top 10 protections
- Input validation and sanitization
- Content Security Policy headers
- Regular penetration testing
Data Residency
Your data is processed and stored using Convex's infrastructure in the United States. For EU customers, we provide Data Processing Agreements and rely on Standard Contractual Clauses for cross-border transfers. Enterprise customers can discuss custom data residency requirements with our team.
AI Data Handling
When you generate documents, your input is sent to Google's Gemini API. AI-generated outputs are stored in your organization's workspace. We do not use your data to train AI models. Your compliance documentation remains your intellectual property.
Responsible Disclosure
If you discover a security vulnerability, please report it to audit-support@omensystems.com. We commit to acknowledging reports within 24 hours and providing a resolution timeline within 72 hours.
Questions about security?
Enterprise customers can request our full security documentation.