How Opisense keeps your data secure and compliant
Built for security, legal, and procurement teams.
Centralized security, privacy, and compliance information in one place — with clear links to policies, registers, and deeper technical detail.
At a glance
Compliance status
| Framework | Status |
|---|---|
Compliant | |
Compliant | |
In progress | |
Planned | |
Planned | |
Planned | |
Planned |
Statuses reflect our roadmap as of this page revision. Documentation is updated when milestones complete.
Documents & next steps
Where to start
Questionnaires & due diligence
Use the contact form for vendor security questionnaires and custom requests. We share what we can at the current maturity of our program.
Agreements, DPA & policies
Customer agreements, product terms, and archived legal documents live in the legal hub. Zero-retention and enterprise-specific terms are addressed in contracts where applicable.
Program overview
Opisense is building a security and compliance program aligned with leading standards such as SOC 2 and ISO 27001, with strong emphasis on privacy and transparent communication with customers.
- Centralized security ownership and incident process
- Secure-by-default infrastructure and deployment pipeline
- Privacy-by-design principles across products
- Documented internal procedures and training
Resources
Audit reports
- Future SOC 2 Type 2 report
- ISO certification reports
Legal
- Customer Agreements
- Policies & product terms
- Legal archive
Data & privacy
Data supported
Types of data that can be processed and stored in Opisense.
- Customer personally identifiable information (PII)
- Employee personally identifiable information (PII)
- Financial and billing information
Overview of how we handle customer data, apply GDPR principles, and document retention.
- Data retention processes established
- Data classification policy in place
- No customer data shared with advertising networks
Subprocessors
Current register · v1 · 3 March 2026
The table below reflects the “Current sub-processors” section of the Subprocessor Register v1 (last updated 3 March 2026). When we add or change sub-processors, we update the PDF and this page together.
The signed PDF remains the authoritative source. Open the register at /subprocessors.
| Sub-processor | Processing purpose | Data categories | Hosting location | Safeguards |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and hosting | All Customer Data categories | Frankfurt, Germany (EU) | GDPR-compliant DPA, SCCs where applicable |
| Clerk | Authentication and user management | User credentials, session data | USA with EU presence | SCCs, EU-US DPF |
| Stripe | Payment processing | Billing and payment data | EU and USA | SCCs, EU-US DPF, PCI DSS certified |
| Elevenlabs | Speech-to-text and text-to-speech processing | Voice data, content | USA | SCCs, EU-US DPF, zero-retention API |
| OpenAI | AI model inference for content generation, analysis and automation | User input, content data, AI-generated output | USA | SCCs, EU-US DPF, zero-retention API |
| Anthropic | AI model inference for content generation, analysis and automation | User input, content data, AI-generated output | USA | SCCs, EU-US DPF, zero-retention API |
| Vercel | Application hosting and edge delivery | Request metadata, IP addresses | USA | SCCs, EU-US DPF |
| Convex | Backend database and real-time data infrastructure | Application data, user data, content data | USA | SCCs, EU-US DPF |
| Ragie | Retrieval-augmented generation (RAG) infrastructure | Customer documents, indexed content | USA | SCCs, EU-US DPF |
| Recall | Meeting recording and transcription capture | Meeting audio, transcriptions, participant data | USA | SCCs, EU-US DPF |
| Composio | Integration orchestration platform | Integration data, user identifiers, workflow metadata | USA | SCCs, EU-US DPF |
| Resend | Transactional email delivery | Email addresses, email content | USA | SCCs, EU-US DPF |
| Axiom | Logging and observability | Platform logs, request metadata, user identifiers | USA | SCCs, EU-US DPF |
Controls
Key areas of our security and compliance program. Detailed mappings to specific frameworks will be added as certifications are completed.
View detailed controls- Infrastructure security
Hardened cloud infrastructure with network segmentation
- Organizational security
Employee onboarding and security training
- Product security
Secure development lifecycle practices
- Internal security procedures
Incident response plan and runbooks
- Data and privacy
GDPR-aligned processing and data subject rights flows
FAQ
Common questions from security, legal, and procurement teams.
Further questions? Contact us via our contact form.
Updates
This page will be updated as we reach new milestones in our compliance roadmap and publish new documentation.
- In progress: SOC 2 Type 2 audit and ISO certification program.
- Available: Subprocessor register and Security whitepaper