Trust & Security

Your content is your edge. We treat it that way.

DesignTech AI runs on managed, enterprise infrastructure with tenant isolation, role-based access, and clear data ownership, so your team can move fast without putting that edge at risk.

The measures

How we keep your content secure

The concrete controls in place today, described plainly. No certification we don't hold is claimed.

dns

Enterprise infrastructure

The platform runs entirely on managed, audited providers, each of which maintains its own public trust center and independent certifications.

  • checkApplication hosting on Render
  • checkManaged PostgreSQL on Supabase
  • checkFile storage on Google Cloud Storage
  • checkAI execution on Google Vertex AI
shield_lock

Tenant isolation

Every organization's data is separated at the database with PostgreSQL Row-Level Security, enforced on every query. Your content powers your workspace only.

  • checkRow-Level Security on all tenant data
  • checkOrganization scoping in the app and storage layers
  • checkIsolation verified by an automated check in our build
key

Identity & access

Authentication is handled by Auth0. Access is role-based: users resolve to super admin, organization admin, or member, with permissions scoped to their organization.

  • checkAuth0-backed authentication
  • checkRole-based access control
  • checkPermissions keyed to your organization role
smart_toy

Controlled AI processing

AI requests go directly to Google Vertex AI with no third-party routing intermediary. Enterprise model services do not use your prompts or content to train their models.

  • checkNo third-party routing of AI requests
  • checkYour data is not used to train public models
  • checkExecution logs are short-lived and redacted for secrets
verified_user

You own your output

Everything produced in your workspace is yours to use, publish, edit, and keep. Your content, brand, and source material stay inside your tenant.

  • checkOutputs are yours to use and publish
  • checkYour sources never cross into another tenant
  • checkExport your content and assets at any time
policy

Clear data handling

We collect what we need to run the service and nothing we can't explain. Our Privacy Policy sets out what we store, why, and how to reach us about your data.

  • checkPlain-language Privacy Policy
  • checkData Processing Agreement available on request
  • checkA real person answers security questions

Where we are on formal compliance

We believe in being straight with security teams. Here is the honest status of our certifications and what's underway, as an early-stage company.

  • checkBuilt on certified infrastructure. Google Cloud, Supabase, and Render each maintain their own independent certifications (such as SOC 2 and ISO 27001) for the layers they operate.
  • scheduleDesignTech AI's own SOC 2 is in progress. We are not yet independently certified at the application level. We will not claim a certification we do not hold; ask us for the current status.
  • checkSecurity review welcome. We're happy to complete questionnaires and provide our written security posture for your procurement process.
  • checkDPA available. A Data Processing Agreement is available on request for teams that need one in place.

Have a question for your security team?

Bring it to a demo, or email us directly. We'll give you straight answers and the documentation you need.

arrow_forwardRequest a demo mailEmail [email protected]