Trust center
Trust, in writing.
Everything you need to take Propolyx through your procurement security review — in one place. Need something you don't see here? Email security@propolyx.com and we'll send it within one business day.
Security →
Customer-managed KMS, tenant-isolated S3 prefixes, scoped IAM, 24/7 SOC.
Privacy →
Customer data is never used to train shared models. GDPR-aligned DPA available.
Residency →
US, EU, and Canadian residency available on Enterprise plans.
Personnel →
Background checks, least-privilege access, annual security training.
Subprocessors
Who touches your data.
The current list of third-party providers that may process customer data on Propolyx's behalf. We provide 30 days' notice for any additions via security@propolyx.com.
| Provider | Purpose | Region |
|---|---|---|
| Amazon Web Services | Primary infrastructure (compute, storage, AI) | US-East / EU-West |
| Vercel | Edge hosting + serverless functions | Global edge network |
| Anthropic | Foundation model inference via AWS Bedrock | US-East |
| Sentry | Error monitoring + correlation IDs | US-East |
| Resend | Transactional email | US-East |
Three regions. Your choice on Enterprise.
- • US Federal · AWS GovCloud (US-East) · for federal contractors
- • EU GDPR · AWS eu-west-1 (Ireland) · for European tenants
- • Canada PIPEDA · AWS ca-central-1 (Montréal) · for Canadian tenants
The humans behind the system.
Every Propolyx engineer goes through a background check before touching production. Production access is least-privilege, expires on a rolling schedule, and requires hardware-backed MFA. Annual security training is mandatory; quarterly tabletop exercises drill incident response.