Security First

FixDoc is built from the ground up with financial-grade security. Your documents are protected by the same encryption and isolation standards used by major banking institutions.

Industry-Standard Encryption

  • Encrypted at rest -- all documents, parsed data, and database records are encrypted via Supabase on AWS infrastructure, using industry-standard encryption.
  • Encrypted in transit -- all communication between your browser and our servers is encrypted via TLS, enforced by our hosting and database providers.
  • Stripe PCI DSS Level 1 -- payment processing is handled by Stripe, the most widely trusted payment provider for SaaS.

Complete Data Isolation

  • Row Level Security (RLS) -- access rules are enforced at the database level on every query, ensuring one organization can never access another's data.
  • Role-Based Access Control -- 7 configurable roles (Owner, Admin, Manager, Officer, Member, Viewer, Applicant) with granular permissions ensure team members only access what their role permits.
  • Audit trail -- key actions are logged with timestamp, user, and details. Available for compliance reviews and regulatory audits.

AI Data Sovereignty

  • Your data is never used to train AI models. Documents processed through our fraud engine and AI assistant are used solely for your verification results.
  • Enterprise-grade AI provider -- we use OpenAI under its enterprise data use policy, which explicitly excludes customer data from model training.
  • Prompt versioning -- every fraud analysis run records the exact AI prompt version used, enabling full auditability and reproducibility.

Infrastructure

  • Supabase (SOC 2 Type II) -- database, authentication, and file storage on AWS infrastructure with automatic backups and point-in-time recovery.
  • Vercel Edge Network -- application delivered via global CDN with DDoS protection and automatic SSL.
  • CI/CD pipeline -- automated testing, type checking, and build verification on every deployment. Error tracking and monitoring are planned for production release.

Compliance-Ready

FixDoc is designed to meet the security and auditability requirements of mortgage industry professionals. Our architecture supports:

  • Audit trail for regulatory compliance reviews
  • Data export capabilities for auditor access
  • Soft-delete and data retention support aligned with industry requirements
  • RBAC and RLS patterns ready for SOC 2 certification (planned)

Report a Security Issue

If you discover a security vulnerability, please report it responsibly to security@fixdoc.co. We take all reports seriously and will respond within 48 hours.