Security & Compliance

Enterprise-grade security. By default.

Your company data is sensitive. We treat it that way. Hoponai is built on battle-tested infrastructure with security at every layer.

🔒
SOC 2 Type II
In progress
🇪🇺
GDPR Compliant
EU data handling
🛡️
256-bit Encryption
Data at rest & in transit
99.9% Uptime
SLA guaranteed

Infrastructure & Data Handling

Hosting & Infrastructure

Application hosted on Vercel (SOC 2 Type II certified, ISO 27001)
Database hosted on Supabase (SOC 2 Type II certified, built on AWS)
Authentication managed by Clerk (SOC 2 Type II certified)
All infrastructure runs on AWS with data centers in the US and EU

Data Encryption

All data encrypted in transit using TLS 1.3
All data encrypted at rest using AES-256
Database connections use SSL certificates
API keys and secrets stored in encrypted environment variables

Access Control

Role-based access control (RBAC) for all users
Organization-level data isolation - no cross-tenant access
SSO/SAML support available on Enterprise plans
Audit logging of all administrative actions

Data Privacy

We never use your company data to train AI models
Your data is never shared with third parties
Data deletion available upon request or contract termination
GDPR-compliant data processing agreements available

Browser Extension Security

Chrome extension operates with minimal required permissions
No data is stored locally on the user's machine
All recorded walkthrough data is transmitted over encrypted channels
Extension code is reviewed and published through Chrome Web Store

Have security questions?

We're happy to walk through our security practices, provide our SOC 2 report, or complete your vendor security questionnaire.

Contact Security Team