Security at Compresr

We take the security of your data seriously. Here's how we protect your information and maintain the highest security standards.

Compliance Status

  • SOC 2 Type II (In Progress)
  • GDPR Compliant
  • ISO 22301 Aligned

Security Controls

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). API keys and credentials are stored using industry-standard encryption.

Infrastructure Security

Hosted on AWS with SOC 2 Type II certified infrastructure. Network segregation, firewall rules, and DDoS protection via Cloudflare.

Access Control

Role-based access control (RBAC), mandatory MFA for all team members, and principle of least privilege enforced.

Compliance

SOC 2 Type II audit in progress. GDPR compliant with data processing agreements available upon request.

Vendor Security

All third-party vendors are assessed for security practices. We only use SOC 2 certified providers for critical services.

Data Residency

Data is processed and stored in US-East (AWS). EU data processing is available for enterprise customers upon request.

Our Security Practices

  • Regular penetration testing by independent security firms
  • Automated vulnerability scanning and dependency updates
  • Security incident response plan with defined SLAs
  • Employee security awareness training
  • Secure software development lifecycle (SSDLC)
  • Regular access reviews and audit logging
  • Business continuity and disaster recovery planning
  • 24/7 monitoring and alerting via Sentry and CloudWatch

How We Handle Your Data

Processing: Your content is processed in real-time through our compression models. We do not store the content of your requests unless explicitly enabled for debugging purposes.

Logging: We log metadata (timestamps, token counts, model used) for billing and analytics. Request content is never logged in production.

Retention: Usage logs are retained for 90 days. Account data is retained until account deletion plus a 30-day grace period.

Deletion: You can request complete data deletion at any time by contacting [email protected]. We comply within 30 days per GDPR requirements.

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue, please report it to:

[email protected]

We commit to acknowledging reports within 48 hours and providing updates on remediation progress.

Questions?

For security questionnaires, compliance documentation, or DPA requests, contact our team.