Alethinx AI
Trust Center
Security & Compliance Built Into Every Layer
Alethinx AI is built for private equity deal teams, ETA searchers, and M&A professionals who demand enterprise-grade data security. Here's exactly how we protect your deals.
99.8% avg uptime | AES-256 encryption | 0 data breaches
Security
How we protect your deal data

Encryption at Rest (Active)
All deal data, user records, and AI-generated insights are encrypted at rest using AES-256 across all data stores.

Encryption in Transit (Active)
All data in transit is protected by TLS 1.3. HTTPS is enforced across all endpoints — no exceptions. Certificate management is fully automated.

Row-Level Security (Active)
Row-level security is enforced on all database tables. Users can only access their own deal data — cross-tenant data access is architecturally prevented.

Authentication (Active)
Secure session management with cryptographically signed tokens. All sessions are scoped, signed, and expire automatically. No plaintext passwords are ever stored.

AI Prompt Security (Active)
All AI agent prompts are server-side only — never exposed to the client. Prompt injection protections are applied across all AI inference calls. User data is never used to train external AI models.

Penetration Testing (In Progress)
First external penetration test is scheduled for Q3 2026 with a certified third-party security firm. Results will be summarized and published here.

Data Privacy
What we collect, how we use it, and your rights

Alethinx AI is designed with data minimization as a core principle. We collect only what is required to deliver deal intelligence services to you.

What we collect:

  • Account information (name, email, company)
  • Deal data you enter or import into the platform
  • Usage analytics (page views, feature interactions) — anonymized
  • Payment metadata via Stripe (we never see your full card number)

What we do not do:

  • We do not sell your data to third parties — ever
  • We do not use your deal data to train AI models
  • We do not allow advertisers to target you
  • We do not share your data with competitors or data brokers

Data residency: All data is stored and processed within the United States. EU users may request data residency options at privacy@alethinx.ai.

Retention: Active account data is retained for the duration of your subscription plus 90 days. On account deletion, all personal data is purged within 30 days. Deal records may be exported before deletion.

Your rights (CCPA / GDPR): You may request a full export, correction, or deletion of your data at any time by emailing privacy@alethinx.ai. We respond within 5 business days.

Infrastructure
Our vendor stack and their security certifications

Vercel
Frontend hosting, edge CDN, serverless functions
SOC 2, ISO 27001
United States / global CDN

Supabase
Managed database, authentication, and serverless infrastructure
SOC 2 Type II
United States

AI Inference Layer
Proprietary AI models powering all deal analysis, agent execution, and intelligent document processing
No training on data, Server-side only
United States

Stripe
Payment processing, subscription billing, invoicing
PCI DSS L1, SOC 2
Global

Make.com
Workflow automation and integration infrastructure
GDPR, ISO 27001
EU / US

SLA & Uptime Commitments
Our contractual uptime targets and actual performance

| Service | SLA Target | 90-Day Actual | Credit Policy |
|---|---|---|---|
| Deal Dashboard | 99.5% | 99.82% | 10% credit if below target in any calendar month |
| Deal Genie (AI Scoring) | 99.0% | 99.64% | 10% credit if below target in any calendar month |
| SEEKER AI | 99.0% | 99.71% | 10% credit if below target in any calendar month |
| Authentication | 99.5% | 99.91% | 10% credit if below target in any calendar month |
| AI Agents (all 7) | 99.0% | 99.6% avg | 10% credit per affected agent per month |
| Stripe Billing | 99.9% | 99.94% | Governed by Stripe's own SLA |

Compliance & Certifications
Current posture and roadmap

SOC 2 Type II (In Progress)
We are implementing SOC 2 Type II controls. Full audit is targeted for Q4 2026. Our infrastructure partners maintain SOC 2 certification.

GDPR Compliance (Active)
Data processing agreements are available on request. All user data access, export, and deletion requests are fulfilled within 5 business days via privacy@alethinx.ai.

CCPA Compliance (Active)
California residents have full rights to access, correct, and delete their data. We do not sell personal information. Opt-out requests are honored within 15 days.

HIPAA (Evaluating)
Alethinx AI is a deal intelligence platform, not a healthcare data processor. HIPAA is not currently applicable. If your use case requires it, please contact us.

Vulnerability Disclosure
Found something? We want to know.

Responsible Disclosure Program

We appreciate the security community's efforts to help keep Alethinx AI safe. If you've discovered a potential security vulnerability, please report it responsibly. We commit to responding within 2 business days and resolving critical issues within 72 hours.