Secarifirst adopter pilot now openApply for pilot

Secari Square · Security & trust

Built for GCs who store license history in one place.

Pilot-stage: SOC 2 Type I is on our Year 1 roadmap. Today we ship tenant isolation, encryption, audit logging, a DPA, and a clear policy that we do not train on your documents.

Controls in place today

What we protect and how

Tenant isolation

Each operator organization is scoped separately. Mission data, vault files, obligations, and audit events are not shared across customers.

Encryption

Data in transit uses TLS. Data at rest uses provider-grade encryption on database and file storage.

Audit trail

Uploads, status changes, and dossier exports are logged with actor and timestamp for GC review.

Least-privilege access

Production credentials are scoped to required services only. Administrative access is limited and reviewed.

No training on customer documents

Your FCC grants, NOAA licenses, debris plans, and evidence files are not used to train models unless you explicitly opt in.

Human-in-the-loop

Secari proposes structure from your documents; counsel approves. We do not issue automated “compliant / not compliant” determinations.

Pilot program

What you get before SOC 2

First-adopter pilots include the documentation your GC and security team need to approve a workflow tool that holds FCC grants, NOAA licenses, and insurer evidence.

  • Standard data processing agreement (DPA) for pilot customers
  • Security overview for your GC or infosec review
  • Vendor questionnaire support (SIG Lite / custom security forms)
  • Subprocessor list with purpose and data categories
  • Incident notification commitment in the DPA

Certification roadmap

SOC 2 timeline

Pilot (now)

SOC 2 is not required to start. We provide security documentation, a DPA, and direct answers for your legal and security reviewers.

Year 1 — Type I

Begin SOC 2 readiness when we have paying production customers or a deal requires formal vendor certification. Type I confirms controls are designed appropriately.

Year 1–2 — Type II

Type II observation period for larger operators, insurer-channel partners, and enterprise procurement that require ongoing control effectiveness.

Subprocessors

Infrastructure partners

Secari runs on established cloud providers. We maintain a current subprocessor list for vendor review and update customers before material changes.

ProviderPurposeData categories
VercelApplication hosting and edge deliveryApplication traffic, session metadata
SupabaseAuthentication, database, and file storageAccount data, compliance records, uploaded PDFs and evidence
ResendTransactional email (pilot notifications and reminders)Email address, message content for system notifications

GC FAQ

Common security questions

Do you need SOC 2 to start a pilot?

No. Most design-partner pilots proceed with our security overview, DPA, and answers to your vendor questionnaire. SOC 2 Type I is planned for Year 1 as we move from pilot to production.

What data does Secari store?

License instruments (FCC grants, NOAA licenses, debris plans), obligation and filing metadata, uploaded evidence (conjunction reports, ephemeris, SSA attestations), and an immutable audit log of user actions.

Are you a law firm or filing agent?

No. Secari is compliance workflow software. Your counsel remains responsible for legal interpretation and regulatory submissions.

Can we connect Google Drive or Dropbox?

Document import uses read-only, folder-scoped access when enabled. You choose which folder Secari may read; we do not request full account access.

Who do we contact for security review?

Email our team at the address below. We will share the security pack and schedule a call with your GC or security lead if needed.

Security contact: [email protected]