Security at Wiplets
Your data is encrypted, isolated, and never sold. Here is exactly how we protect it.
Hosted on Vercel
Global edge network with automatic HTTPS, DDoS protection, and enterprise-grade uptime.
Supabase Postgres
Row-level security on every table. Your workspace data is isolated at the database layer.
Encrypted everywhere
AES-256 at rest, TLS 1.3 in transit. Every byte, every connection, no exceptions.
Compliance
SOC 2 Type II
In progressCertification underway. Our infrastructure providers (Vercel, Supabase, Liveblocks) are already SOC 2 Type II certified.
GDPR
CompliantPrivacy-by-design architecture. Data processing agreements with all sub-processors. Privacy policies auto-update across 30+ jurisdictions via Termly.
NCMEC ESP
ApprovedWiplets is a registered Electronic Service Provider with NCMEC for content safety reporting compliance.
How we handle your data
What we collect
Account info, workspace content you submit, and technical data needed to run the service. We never sell your data.
How long we keep it
Active data retained while your account is open. Deleted data purged within 30 days. Voice data has a 6-month maximum.
Who can access it
Row-level security isolates every workspace. Support access requires explicit authorization and is fully logged.
AI model usage
Work routes through Anthropic and OpenAI. Your data is never used to train their models. Provider agreements prohibit it.
Found a vulnerability?
We take every report seriously. Reach out and we will respond.