Security & trust
A data-protection tool has to protect data first
You're trusting Slopfence with your most sensitive prompts. Here's exactly how we're built to keep them safe — and how we handle, store and secure your data.
Scanning happens client-side
Prompts and files are evaluated at the browser boundary. There is no MITM proxy and no rerouting of your traffic through Slopfence to inspect it.
Prompt content isn't retained
Full prompt and file content is evaluated for rule matches and then discarded. Only the matched rule name, action taken, timestamp, and a short metadata snippet are written to your audit log.
Encrypted in transit and at rest
All traffic uses TLS 1.2+. Audit records and configuration are encrypted at rest in our managed database.
Org-scoped isolation
Every record — policies, logs, alerts — is scoped to your organisation and never shared across tenants. Access is authenticated and least-privilege.
Least-data by design
We collect the minimum needed to enforce your policies and produce an audit trail: rule metadata, matched snippets, timestamps, and user identifiers.
You stay in control
Deploy through your own MDM, scope which domains are inspected, choose block vs. log per rule, and export or delete your data on request.
Compliance
Certifications & standards
SOC 2 Type II
Audit underway — report available under NDA
ISO 27001
On the 2025 roadmap
GDPR
EU-hosted; DPA available on request
CCPA
Data-subject requests honoured
Transparency
Sub-processors
The core third parties in our processing path. A current list is maintained here and in your DPA.
Report a vulnerability
Found a security issue? We want to hear about it. Email [email protected] — we respond to every report and won't pursue good-faith researchers.
Need our DPA, security whitepaper, or SOC 2 report? Contact us.
Security you can hand to your CISO
Get the documentation, see the architecture, and deploy on your terms. Talk to us about your requirements.
Get started