Security & trust

A data-protection tool has to protect data first

You're trusting Slopfence with your most sensitive prompts. Here's exactly how we're built to keep them safe — and how we handle, store and secure your data.

Scanning happens client-side

Prompts and files are evaluated at the browser boundary. There is no MITM proxy and no rerouting of your traffic through Slopfence to inspect it.

Prompt content isn't retained

Full prompt and file content is evaluated for rule matches and then discarded. Only the matched rule name, action taken, timestamp, and a short metadata snippet are written to your audit log.

Encrypted in transit and at rest

All traffic uses TLS 1.2+. Audit records and configuration are encrypted at rest in our managed database.

Org-scoped isolation

Every record — policies, logs, alerts — is scoped to your organisation and never shared across tenants. Access is authenticated and least-privilege.

Least-data by design

We collect the minimum needed to enforce your policies and produce an audit trail: rule metadata, matched snippets, timestamps, and user identifiers.

You stay in control

Deploy through your own MDM, scope which domains are inspected, choose block vs. log per rule, and export or delete your data on request.

Compliance

Certifications & standards

SOC 2 Type II

Audit underway — report available under NDA

◔ In progress

ISO 27001

On the 2025 roadmap

◔ In progress

GDPR

EU-hosted; DPA available on request

✓ Active

CCPA

Data-subject requests honoured

✓ Active

Transparency

Sub-processors

The core third parties in our processing path. A current list is maintained here and in your DPA.

Cloud hosting (EU region)Application and database hosting
ClerkAuthentication & session management
UpstashRate limiting & ephemeral caching
ResendTransactional email
HubSpot (EU)CRM & website analytics (consent-gated)

Report a vulnerability

Found a security issue? We want to hear about it. Email [email protected] — we respond to every report and won't pursue good-faith researchers.

Need our DPA, security whitepaper, or SOC 2 report? Contact us.

Security you can hand to your CISO

Get the documentation, see the architecture, and deploy on your terms. Talk to us about your requirements.

Get started

We use cookies for analytics and to run our live chat. You can accept, or continue with only what's essential. Privacy policy.