Security and Trust

• Workspace isolation: Your organization's data is isolated from other customers at the application and database layers.

• Role-based access: Only users you approve can access your workspace.

• Encryption: Data is encrypted in transit (TLS) and at rest with database-level encryption.

• Audit logs: Security-relevant events and administrative actions are logged and can be reviewed in your account settings.

• Session management: View and revoke active sessions from your security settings.

• Retention: We keep data only as long as needed to provide the service. System logs and backups follow defined retention windows.

• Export: You can request exports through your account administrator.

• Deletion: You can request deletion of specific datasets or your entire organization. Requests are processed promptly; backup copies age out on a rolling schedule.

If you have compliance timelines, let us know - we can work with your requirements.

• SOC 2: In progress. Contact us for a current status update or to discuss specific compliance requirements.

• Subprocessors: We use a limited set of infrastructure and service providers. A summary list is available on request.

• Investigation and notification: If a security incident is suspected, we investigate and communicate with impacted customers according to our incident response procedures.

• Vulnerability reporting: Vulnerabilities can be reported through your support channel; we prioritize reports with clear reproduction steps.

• Internal models: Alpaka uses internal models to analyze your data and generate recommendations.

• No external AI providers: Your data is never sent to third-party AI services (OpenAI, Anthropic, and others).

• No cross-workspace data sharing: Your data is not used to train models or shared with other customers.

• Consent addendum: If your organization has AI-use restrictions, we can provide a plain-language consent addendum for your review.