Propolyx.

Trust center

Trust, in writing.

Everything you need to take Propolyx through your procurement security review — in one place. Need something you don't see here? Email security@propolyx.com and we'll send it within one business day.

Subprocessors

Who touches your data.

The current list of third-party providers that may process customer data on Propolyx's behalf. We provide 30 days' notice for any additions via security@propolyx.com.

ProviderPurposeRegion
Amazon Web ServicesPrimary infrastructure (compute, storage, AI)US-East / EU-West
VercelEdge hosting + serverless functionsGlobal edge network
AnthropicFoundation model inference via AWS BedrockUS-East
SentryError monitoring + correlation IDsUS-East
ResendTransactional emailUS-East
Data residency

Three regions. Your choice on Enterprise.

  • US Federal · AWS GovCloud (US-East) · for federal contractors
  • EU GDPR · AWS eu-west-1 (Ireland) · for European tenants
  • Canada PIPEDA · AWS ca-central-1 (Montréal) · for Canadian tenants
Personnel

The humans behind the system.

Every Propolyx engineer goes through a background check before touching production. Production access is least-privilege, expires on a rolling schedule, and requires hardware-backed MFA. Annual security training is mandatory; quarterly tabletop exercises drill incident response.