Security & Compliance
Tenant isolation
Every customer (architecture firm or school district) is a separate tenant in our system, scoped via Clerk Organizations. Every database query filters by tenant_id. Postgres Row Level Security is on the roadmap as defense-in-depth.
Authentication
Clerk handles authentication. Organization mode is required — every user belongs to a tenant. SAML SSO available on Enterprise. MFA required for ADMIN role.
Storage
Project documents stored in private Vercel Blob — requires authenticated SDK access via BLOB_READ_WRITE_TOKEN. URLs are not publicly fetchable. Database hosted on Neon (Postgres) with TLS in transit, AES-256 at rest.
LLM inference
All LLM calls go through AWS Bedrock (us-west-2) with Anthropic Claude models. No data is sent to model providers outside Bedrock. PII redaction layer (Microsoft Presidio) runs before any prompt is dispatched. Prompts and responses are hashed (SHA-256) and stored in our audit log; raw content is not retained beyond customer document storage.
Audit log
Every LLM call, signature event, document upload, and project status change is logged with tenant ID, user ID, model ID, prompt version, token counts, and latency. Retained 7 years for legal defensibility.
Attestation gate
Every Verified Report signing requires explicit acknowledgment of a 5-item attestation checklist citing CCR Title 24 §4-336 / §4-214 verbatim, persisted with timestamp and user ID. No print-ready PDF is generated until acknowledged.
Network
HSTS headers enforced. CSP headers restrict script sources. Rate limiting via Vercel edge. DDoS protection via Vercel.
Penetration testing
Initial penetration test scheduled for 60 days post-launch. Annual recurring tests thereafter.
Incident response
Customers will be notified within 72 hours of any confirmed breach affecting their data, per DPA terms.
Contact
security@dsacloseout.com