| | |
|---|---|
| Data we collect | Customer prompts, customer brand identifiers, crawled public web content (per /crawler) |
| Data we don't collect | Customer-identifying personal data, paywalled content, content blocked by robots.txt |
| Where data is stored | Hetzner (EU — Falkenstein), Cloudflare R2 (EU). Postgres 16 with pgcrypto for sensitive fields |
| Encryption | TLS 1.3 in transit, AES-256 at rest |
| Access controls | Tailscale-only admin SSH, no public SSH. Two-factor auth on all human accounts |
| Backups | Hetzner daily 7-day retention + weekly pg_dump to Cloudflare R2 |
| Compliance | GDPR (UK + EU), DPA available on request. Not yet SOC 2 |
| Crawler | We operate one crawler, documented at /crawler |
| Security disclosure | security@rectifies.io |