Trust

Said plainly, written down.

We are a small team. We have not pursued formal certification yet. Below is how we actually operate. No borrowed credentials, no false comfort.

Start free See pricing

Trust · plan coverage

ControlStarterProAgency

Encryption at restIn placeIn placeIn place

Encryption in transitTLSTLS · HSTSTLS · HSTS

Google sign in

Audit export·CSVCSV · JSON

Webhook events·

Workspace isolation

Where we stand today

What we do, what we do not.

Control

Status

Notes

Encryption in transit

In place

TLS on every endpoint, HSTS enforced

Encryption at rest

In place

Provided by our managed database and object storage

Read only integrations

In place

Smallest OAuth scope that reads the data

Workspace isolation

In place

Every query scoped by workspace

Audit log

In place

Every mutation recorded with actor and payload

Status page

In progress

Public page with per service uptime in the works

Third party certification

Not yet

We are small. Ask us for a questionnaire response and we will answer plainly

Bug disclosure

security@donum.club. We reply on the day

Audit log

TimeEventObjectActor

08:14:22approval.grantedMarch Investor UpdateAva · owner

08:12:06ai.generatedraft v3Donum AI · model v4

08:08:44edit.blockhighlights narrativeLiam · editor

08:00:01schedule.triggerworkflow wf_investor_monthlyScheduler

07:59:57source.refreshstripe · hubspot · ga4System

07:42:11delivery.sentrecipient ava@acme.vcNotifier

Every action in the platform is recorded in a workspace scoped audit log. Export to CSV or JSON any time. We build first, certify later.

Questions

The honest kind.

Are you SOC 2 certified?+

No, not yet. We are a small team and the audit process is expensive for our stage. We answer security questionnaires directly and we will tell you what we do and do not have.

Are you GDPR compliant?+

We follow the practices GDPR asks for - data minimization, scoped access, deletion on request, transparent sub processors - but we do not claim a certification we do not hold. Write to us for specifics.

Can I get a signed data processing agreement?+

We are happy to review yours. Send a draft to the contact address and we will respond within a few days.

How do you handle an incident?+

We write to every affected customer as soon as we confirm what happened. No template. No hiding behind legal language.

Ask us anything.

Email security Read security