Trust Center
Your Data. Your Control. Your Peace of Mind.
Akradan is built on transparency and security. Here's exactly how we protect you.
How We Protect Your Data
Data Encryption
All data in transit is encrypted with TLS 1.3. Data at rest is encrypted with AES-256. Both layers are always active — there is no unencrypted path to your data.
Infrastructure
Akradan runs on Supabase Pro (PostgreSQL) and Vercel for frontend deployments. We do not run our own bare-metal servers. Both providers maintain their own security certifications and DDoS protection.
Access Control
Only authorized Akradan employees can access production databases, and only with full audit logging. We use role-based access control (RBAC). Employees cannot see user conversations or documents without explicit reason and logged authorization.
Backup & Disaster Recovery
All data is backed up daily across multiple regions. Your lifetime storage promise means we take backups seriously. In the event of a disaster, we can restore data within hours.
Your Data Is Yours Alone
Akradan does NOT train AI models on your data.
This is a promise, not a policy change.
What We Collect
We collect: your account info, project names, storage usage, feature usage (which buttons you click). We do NOT collect: conversation content, document text, or knowledge base contents.
Who Can See Your Data
Only you and people you invite can see your projects and conversations. Akradan employees cannot access your data without explicit authorization. Shared documents require a passcode.
Data Retention
Your data is stored for life. Even if you delete a project, we keep a backup for 90 days in case of accidental deletion. After that, data is permanently deleted. You choose when to delete — we don't delete for you unless you request it.
Third Parties
We use Supabase (database), OpenRouter (model routing — your own key), Vercel (frontend), and Stripe (billing only). All sign our DPA. We do NOT share user data with any other third parties. We do NOT sell data.
Standards & Certifications
GDPR
CompliantAkradan is GDPR compliant. EU residents have the right to access, export, or delete their data. We have a Data Processing Agreement available for enterprise customers.
Request Data Processing Agreement →SOC 2 Type II
In ProgressWe are pursuing SOC 2 Type II certification, which covers security, availability, and confidentiality of customer data.
HIPAA-Relevant
BAA AvailableWhile Akradan is not HIPAA-certified, it is designed to handle sensitive data. Healthcare professionals can use Akradan for case notes and research. We can sign Business Associate Agreements (BAAs) for healthcare organizations.
Request a BAA →Industry Standards
ActiveAkradan follows OWASP Top 10 security best practices, industry-standard encryption (TLS 1.3, AES-256), regular penetration testing, and secure coding practices with mandatory code review.
How Your Data Moves & Stays Safe
Conversation History
Every conversation you have is stored permanently in your workspace. You can search, export, or delete conversations anytime. Conversations are encrypted at rest and in transit.
Document & File Storage
When you upload a PDF, image, or document to your knowledge base: it's scanned for malicious content, encrypted and stored on Supabase, converted to embeddings for semantic search, and can be permanently deleted anytime. Embeddings are encrypted and only used for search within your workspace.
Shared Documents
When you share a document with a passcode link: only people with the 5-digit code can access it. We log how many times it was viewed, which IPs accessed it, and general location. You can revoke access anytime. Recipients cannot download a copy — view-only.
AI Model Interactions
When you ask a model a question: your question is sent to OpenRouter (the API you connected), which routes it to the model provider. The response is stored in your conversation history. Akradan does not see the content of your conversation — we only see that it happened. Bring-your-own-key means you control everything.
Knowledge Base & RAG
Documents are chunked and converted to embeddings stored with encryption. Search happens within your workspace only. Documents are never shared with AI model providers. Only people in your project can search your knowledge base.
If Something Goes Wrong
Security Incident
- 1Detect and contain the issue within 4 hours
- 2Notify affected users within 24 hours
- 3Post a public update on our status page
- 4Conduct a post-mortem and publish lessons learned
Data Breach
- 1Notify all affected users immediately with details of what was accessed
- 2Offer service credit as compensation
- 3Publish a full transparency report
- 4Report to regulatory bodies as required (GDPR authorities, etc.)
Your Responsibilities
- 1Keep your OpenRouter API key secure — don't share it
- 2Manage access to your projects — only invite people you trust
- 3Report suspicious activity to security@akradan.com
- 4Review shared document access logs regularly
Common Questions
Everything you need to know about how Akradan handles your data and protects your privacy.
Email trust@akradan.comStill have questions? Contact our trust team.
We respond to all security and privacy inquiries within 24 hours.
Email trust@akradan.com