Secari Square · Security & trust
Pilot-stage: SOC 2 Type I is on our Year 1 roadmap. Today we ship tenant isolation, encryption, audit logging, a DPA, and a clear policy that we do not train on your documents.
Controls in place today
Each operator organization is scoped separately. Mission data, vault files, obligations, and audit events are not shared across customers.
Data in transit uses TLS. Data at rest uses provider-grade encryption on database and file storage.
Uploads, status changes, and dossier exports are logged with actor and timestamp for GC review.
Production credentials are scoped to required services only. Administrative access is limited and reviewed.
Your FCC grants, NOAA licenses, debris plans, and evidence files are not used to train models unless you explicitly opt in.
Secari proposes structure from your documents; counsel approves. We do not issue automated “compliant / not compliant” determinations.
Pilot program
First-adopter pilots include the documentation your GC and security team need to approve a workflow tool that holds FCC grants, NOAA licenses, and insurer evidence.
Certification roadmap
Pilot (now)
SOC 2 is not required to start. We provide security documentation, a DPA, and direct answers for your legal and security reviewers.
Year 1 — Type I
Begin SOC 2 readiness when we have paying production customers or a deal requires formal vendor certification. Type I confirms controls are designed appropriately.
Year 1–2 — Type II
Type II observation period for larger operators, insurer-channel partners, and enterprise procurement that require ongoing control effectiveness.
Subprocessors
Secari runs on established cloud providers. We maintain a current subprocessor list for vendor review and update customers before material changes.
| Provider | Purpose | Data categories |
|---|---|---|
| Vercel | Application hosting and edge delivery | Application traffic, session metadata |
| Supabase | Authentication, database, and file storage | Account data, compliance records, uploaded PDFs and evidence |
| Resend | Transactional email (pilot notifications and reminders) | Email address, message content for system notifications |
GC FAQ
No. Most design-partner pilots proceed with our security overview, DPA, and answers to your vendor questionnaire. SOC 2 Type I is planned for Year 1 as we move from pilot to production.
License instruments (FCC grants, NOAA licenses, debris plans), obligation and filing metadata, uploaded evidence (conjunction reports, ephemeris, SSA attestations), and an immutable audit log of user actions.
No. Secari is compliance workflow software. Your counsel remains responsible for legal interpretation and regulatory submissions.
Document import uses read-only, folder-scoped access when enabled. You choose which folder Secari may read; we do not request full account access.
Email our team at the address below. We will share the security pack and schedule a call with your GC or security lead if needed.
Security contact: [email protected]