Trust Center

Your Data. Your Control. Your Peace of Mind.

Akradan is built on transparency and security. Here's exactly how we protect you.

How We Protect Your Data

Data Encryption

All data in transit is encrypted with TLS 1.3. Data at rest is encrypted with AES-256. Both layers are always active — there is no unencrypted path to your data.

Infrastructure

Akradan runs on Supabase Pro (PostgreSQL) and Vercel for frontend deployments. We do not run our own bare-metal servers. Both providers maintain their own security certifications and DDoS protection.

Access Control

Only authorized Akradan employees can access production databases, and only with full audit logging. We use role-based access control (RBAC). Employees cannot see user conversations or documents without explicit reason and logged authorization.

Backup & Disaster Recovery

All data is backed up daily across multiple regions. Your lifetime storage promise means we take backups seriously. In the event of a disaster, we can restore data within hours.

Your Data Is Yours Alone

Akradan does NOT train AI models on your data.

This is a promise, not a policy change.

What We Collect

We collect: your account info, project names, storage usage, feature usage (which buttons you click). We do NOT collect: conversation content, document text, or knowledge base contents.

Who Can See Your Data

Only you and people you invite can see your projects and conversations. Akradan employees cannot access your data without explicit authorization. Shared documents require a passcode.

Data Retention

Your data is stored for life. Even if you delete a project, we keep a backup for 90 days in case of accidental deletion. After that, data is permanently deleted. You choose when to delete — we don't delete for you unless you request it.

Third Parties

We use Supabase (database), OpenRouter (model routing — your own key), Vercel (frontend), and Stripe (billing only). All sign our DPA. We do NOT share user data with any other third parties. We do NOT sell data.

Standards & Certifications

GDPR

Compliant

Akradan is GDPR compliant. EU residents have the right to access, export, or delete their data. We have a Data Processing Agreement available for enterprise customers.

Request Data Processing Agreement

SOC 2 Type II

In Progress

We are pursuing SOC 2 Type II certification, which covers security, availability, and confidentiality of customer data.

HIPAA-Relevant

BAA Available

While Akradan is not HIPAA-certified, it is designed to handle sensitive data. Healthcare professionals can use Akradan for case notes and research. We can sign Business Associate Agreements (BAAs) for healthcare organizations.

Request a BAA

Industry Standards

Active

Akradan follows OWASP Top 10 security best practices, industry-standard encryption (TLS 1.3, AES-256), regular penetration testing, and secure coding practices with mandatory code review.

How Your Data Moves & Stays Safe

Conversation History

Every conversation you have is stored permanently in your workspace. You can search, export, or delete conversations anytime. Conversations are encrypted at rest and in transit.

Document & File Storage

When you upload a PDF, image, or document to your knowledge base: it's scanned for malicious content, encrypted and stored on Supabase, converted to embeddings for semantic search, and can be permanently deleted anytime. Embeddings are encrypted and only used for search within your workspace.

Shared Documents

When you share a document with a passcode link: only people with the 5-digit code can access it. We log how many times it was viewed, which IPs accessed it, and general location. You can revoke access anytime. Recipients cannot download a copy — view-only.

AI Model Interactions

When you ask a model a question: your question is sent to OpenRouter (the API you connected), which routes it to the model provider. The response is stored in your conversation history. Akradan does not see the content of your conversation — we only see that it happened. Bring-your-own-key means you control everything.

Knowledge Base & RAG

Documents are chunked and converted to embeddings stored with encryption. Search happens within your workspace only. Documents are never shared with AI model providers. Only people in your project can search your knowledge base.

If Something Goes Wrong

Security Incident

  • 1Detect and contain the issue within 4 hours
  • 2Notify affected users within 24 hours
  • 3Post a public update on our status page
  • 4Conduct a post-mortem and publish lessons learned
security@akradan.com

Data Breach

  • 1Notify all affected users immediately with details of what was accessed
  • 2Offer service credit as compensation
  • 3Publish a full transparency report
  • 4Report to regulatory bodies as required (GDPR authorities, etc.)
security@akradan.com

Your Responsibilities

  • 1Keep your OpenRouter API key secure — don't share it
  • 2Manage access to your projects — only invite people you trust
  • 3Report suspicious activity to security@akradan.com
  • 4Review shared document access logs regularly

Common Questions

Everything you need to know about how Akradan handles your data and protects your privacy.

Email trust@akradan.com

Still have questions? Contact our trust team.

We respond to all security and privacy inquiries within 24 hours.

Email trust@akradan.com