Security & Trust

Your Brand Data Is Protected

Your brand strategy is your competitive advantage. We protect it with the same care you put into building it.

How We Think About Security

Eklipsa handles sensitive brand strategy data — your positioning, competitive landscape, voice guidelines, and visual direction. We treat this data as what it is: the foundation of your brand. Every decision we make about infrastructure, access, and AI integration starts from that understanding.

Current Security Posture Snapshot

Last verified: March 2026

HTTPS enforced with HSTS and secure response headers (CSP, frame protections, MIME protections)

Role-based access patterns with row-level data isolation for customer data in core application tables

Stripe-hosted checkout and billing flows for payment collection

Signed webhook processing for billing event integrity

Managed cloud infrastructure with automated redundancy and backups

Continuous hardening based on automated security advisor findings

Security controls evolve over time as infrastructure and threat models change. We continuously review and harden controls as part of normal operations.

SECURITY PRACTICES

How We Protect Your Data

Your Brand Intelligence, workshop answers, and generated content are safeguarded with established practices.

Encryption

All data is encrypted in transit (TLS 1.2+) and at rest. Your brand strategy, workshop answers, and generated content are protected at every stage.

Access Controls

Secure authentication with role-based access. Only authorized team members can view and modify your Brand Intelligence.

Ongoing Security Reviews

We run ongoing security reviews and infrastructure checks to keep our controls aligned with current best practices.

AI Data Usage

Your brand data powers your Brand Intelligence — never third-party model training. You control what your data does.

Data Residency

Your data is stored in secure, managed infrastructure with redundancy and automated backups to prevent data loss.

Incident Response

We have documented incident response procedures. If a security event occurs, we communicate promptly and transparently.

AI & YOUR DATA

How We Handle AI and Your Data

Your brand data powers your Brand Intelligence — and nothing else.

Your Data Stays Yours

Brand Intelligence, workshop answers, and generated content are used only to power your experience — never sold, shared, or used to train third-party models.

No Cross-Account Learning

Your brand context is isolated to your account. One brand's intelligence never influences another brand's outputs.

Established AI Providers

We use established AI infrastructure providers under data processing terms. Your data is processed to deliver your experience and handled under provider and platform retention controls.

You own your data. Always.

Export or delete your data at any time. If you cancel, your data is removed according to our retention policy — no lock-in, no hostage data.

STANDARDS

Security Practices We Follow

Encryption at rest and in transit (TLS 1.2+)

Role-based access controls and row-level data isolation

Security headers including CSP, HSTS, and frame protections

Ongoing security reviews and infrastructure checks

Secure software development lifecycle

Vendor security review for third-party integrations

Trust is earned through consistency — in how we build, how we protect your data, and how we communicate.

For full details, see our Privacy Policy and Terms of Service.

FAQ

Common Security Questions

Direct answers to what founders and strategists ask most.