Built for the teams that cannot move fast on security.
SOC 2 Type II + ISO 27001 audited. Every subprocessor, every incident, every model provider — disclosed in plain English. The same Trust Center we hand to procurement teams at funds and federal agencies.
The standards your procurement team is asking about.
Most are issued. Two are in progress with active audits — the dates below are when we expect a stamp, not when we plan to start.
Audited annually for security, availability, processing integrity, confidentiality, and privacy.
Information security management system aligned with the international standard for systems operating financial-grade data.
Privacy information management extension to ISO 27001. Audit in progress, expected complete Q3 2026.
EU General Data Protection Regulation. EU-hosted data residency available · DPA pre-signed for institutional customers.
California Consumer Privacy Act + Privacy Rights Act compliance. Privacy notice updated quarterly.
Business Associate Agreements available for healthcare-adjacent customers. Encrypted PHI handling on enterprise tier.
Card data is never stored on our servers — processed entirely through PCI-Level 1 payment processors.
FedRAMP Moderate authorization in active assessment for federal-agency customers. Sponsor pending.
Every service. Every minute.
Updated in real time from the same monitors our on-call rotation uses. Each bar is one day. Click any service for a full incident timeline.
What happens to your data, technically.
The questions we get from procurement teams, answered up front. If something here does not match a control your auditor needs, talk to our security team — we will bridge it.
Storage & residency
All customer data is encrypted at rest with AES-256-GCM. EU and US data-residency options on enterprise tier — your records never leave the region you select.
- Encryption at rest: AES-256-GCM
- Encryption in transit: TLS 1.3
- EU residency: eu-central-1 · Frankfurt
- US residency: us-east-1 · Virginia
- Backups: 7-day point-in-time
Access & authentication
SSO via SAML 2.0 and OIDC on growth+ tiers. SCIM provisioning on enterprise. All admin actions are logged immutably and exportable to your SIEM.
- SSO: SAML 2.0 · OIDC
- MFA: Required · TOTP + WebAuthn
- SCIM: Enterprise tier
- Audit log retention: 7 years
- SIEM export: Splunk · Datadog · custom
Retention & deletion
You own your data. Export everything to JSON, CSV, or PDF at any time. Hard deletion within 30 days of termination — verified by post-deletion audit.
- Export formats: JSON · CSV · PDF · API
- Termination notice: No notice required
- Soft delete window: 30 days
- Hard deletion: Verified via audit
- Backups purged: Within 90 days
How we use AI. What we never do with it.
We build with frontier models. We are also fiduciaries to our customers' data. The first list below is everything we use AI for in the product. The second is everything we do not — by contract, not by promise. If a use case ever moves from list two to list one, we will publish a changelog and notify customers 60 days before it ships.
What we use AI for
- Pre-fill incentive applications using a project profile you provided
- Match projects to programs from a curated, human-reviewed database
- Summarize program documents and extract key dates, amounts, and eligibility tests
- Suggest narrative language for application sections — flagged for your review
- Surface deadline risk and capital-call dependencies
What we never do with it
- Train any model — ours or a third party's — on your customer data
- Send your data to a model provider that retains prompts (zero-retention contracts)
- Submit applications without a human review and approval step
- Make legal, tax, or financial determinations on your behalf
- Use your data to improve features for other customers
Every third party with access to your data.
Updated within 30 days of any change. Customers on the email-list-of-record are notified 30 days before a new subprocessor goes live.
Every incident. Plain English. No marketing.
Honest postmortems make the next incident shorter. We publish the cause, the duration, and what we changed — including the things that embarrass us.
Increased query latency (P99 to 4.2s) on Marketplace credit-listing endpoints between 14:18 and 14:51 UTC. Caused by a stale read replica that fell behind the primary. No data loss, no failed transactions. Fixed by failing over to a fresh replica and updating our replication-lag alerting threshold.
Outbound webhook delivery delayed up to 18 minutes for ~3% of customers due to a regression in our queue-depth autoscaling rule. All webhooks were ultimately delivered with retry. Rolled back the regression and added a synthetic-load test to our deploy pipeline.
AI-assisted drafting feature returned 503s between 09:14 and 09:26 UTC after our model-inference provider experienced a regional outage. Failed over to our secondary provider and re-routed all requests. Added a circuit-breaker that kicks in after 90 seconds of provider failure.
Manual TLS certificate rotation on calc.incentedge.com produced a 4-minute window where 14% of clients saw certificate validation errors. Migrated to fully-automated cert rotation via Let's Encrypt + monitor.
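The circuit breaker described in the AI-assisted drafting incident above, as an added illustrative example; this is not IncentEdge's production code. It assumes two provider callables (primary and secondary), a 90-second continuous-failure threshold as stated in the incident, a constructed 60-second cool-down before the primary is probed again, and an injectable clock so the outage can be replayed offline.

```python
"""Provider failover circuit breaker (added example, not the page's own code).

Requests go to the primary inference provider. Individual failures fall back
to the secondary per request; once the primary has been failing continuously
for `trip_after_seconds` (90 s, per the incident note) the breaker opens and
all traffic is routed to the secondary without touching the primary. After a
cool-down the breaker goes half-open and lets one probe through; a successful
probe closes it again. Cool-down length, provider names and the fake clock
are assumptions made for this example.
"""
from __future__ import annotations

import time
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class ProviderBreaker:
    primary: Callable[[str], str]
    secondary: Callable[[str], str]
    trip_after_seconds: float = 90.0     # from the incident note
    cooldown_seconds: float = 60.0       # assumed value for the example
    clock: Callable[[], float] = time.monotonic
    first_failure_at: Optional[float] = None
    opened_at: Optional[float] = None
    log: list = field(default_factory=list)

    @property
    def state(self) -> str:
        if self.opened_at is None:
            return "closed"
        if self.clock() - self.opened_at >= self.cooldown_seconds:
            return "half-open"
        return "open"

    def call(self, prompt: str) -> tuple[str, str]:
        """Route one request; returns (provider_used, response)."""
        state = self.state
        if state == "open":
            # Breaker tripped: do not even try the primary.
            return "secondary", self.secondary(prompt)
        try:
            out = self.primary(prompt)
        except Exception as exc:
            now = self.clock()
            if state == "half-open":
                # Probe failed: stay open and restart the cool-down.
                self.opened_at = now
                self.log.append(f"{now:.0f}s primary probe failed: {exc}")
                return "secondary", self.secondary(prompt)
            if self.first_failure_at is None:
                self.first_failure_at = now
            failing_for = now - self.first_failure_at
            if failing_for >= self.trip_after_seconds:
                self.opened_at = now
                self.log.append(f"{now:.0f}s breaker OPEN after {failing_for:.0f}s of failures")
            # Per-request fallback while the breaker is still closed.
            return "secondary", self.secondary(prompt)
        if state == "half-open":
            self.log.append("primary recovered; breaker CLOSED")
        self.first_failure_at = None
        self.opened_at = None
        return "primary", out


class FakeClock:
    """Deterministic clock so the outage can be replayed in a test."""
    def __init__(self) -> None:
        self.t = 0.0
    def __call__(self) -> float:
        return self.t
    def advance(self, seconds: float) -> None:
        self.t += seconds


def simulate_outage() -> dict:
    """Replay a constructed 2.5-minute primary outage with one request every 30 s."""
    clock = FakeClock()
    primary_up = {"ok": False}
    primary_calls = {"n": 0}

    def primary(p: str) -> str:
        primary_calls["n"] += 1
        if not primary_up["ok"]:
            raise RuntimeError("503 Service Unavailable")
        return f"primary:{p}"

    def secondary(p: str) -> str:
        return f"secondary:{p}"

    br = ProviderBreaker(primary, secondary, clock=clock)
    states = []
    for _ in range(5):                 # t = 0, 30, 60, 90, 120 s: primary down
        br.call("draft section")
        states.append(br.state)
        clock.advance(30)
    primary_up["ok"] = True            # t = 150 s: primary recovers, breaker half-open
    used, _ = br.call("draft section")
    return {"states": states, "recovered_via": used,
            "final_state": br.state, "primary_calls": primary_calls["n"],
            "log": br.log}


if __name__ == "__main__":
    for line in simulate_outage()["log"]:
        print(line)
```

The per-request fallback before the trip is what keeps users served during the first 90 seconds; the open state is what stops a dead provider from adding latency to every request once the outage is confirmed, and the half-open probe is what lets traffic return without an operator flipping it back by hand.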
The procurement packet.
Everything your security, legal, and procurement teams typically request. Some require an NDA — request access and we will respond within 4 business hours.