Security at DeepaData
At DeepaData, security is foundational — not optional.
We're committed to protecting the integrity of data tagged through our systems. While DeepaData is not a storage layer, our tagging infrastructure is built with security-by-design principles to ensure safe, transparent interactions between developers and memory-aware systems.
Our Current Security Posture
Encryption in Transit
All data exchanges with the DeepaData API are protected using TLS 1.2+ encryption.
API Authentication
Access to our APIs is token-based with scoped permissions, rate limits, and logging.
Operational Hygiene
Internal access is controlled via role-based accounts, 2FA, and principle of least privilege.
Infrastructure Partnering
We deploy on secure, reputable cloud environments with regular patching and monitoring.
Data Processor Model
DeepaData stores governed artifacts (.ddna envelopes) as a data processor under GDPR Article 28. Governance and deletion rights travel with every artifact. We process on behalf of merchants under Data Processing Agreements.
On Our Roadmap
- • SOC 2 readiness
- • Audit logging and dashboard insights
- • Developer alerts for anomalous tagging patterns
Subprocessors
DeepaData uses the following third-party services to deliver our platform. We maintain Data Processing Agreements with each provider.
| Provider | Function | Location |
|---|---|---|
| Anthropic | LLM extraction | US |
| OpenAI | LLM extraction | US |
| Kimi/Moonshot | LLM extraction | CNNote |
| Supabase | Database | US |
| Vercel | Hosting | US |
| Clerk | Authentication | US |
| Stripe | Payments | US |
Note on Kimi/Moonshot: This provider is based in China. Kimi is the default for cost optimization, but customers can select their preferred LLM provider. Contact us for GDPR-specific deployment options.
Security is a shared responsibility. If you discover a potential vulnerability or have concerns, please contact us at security@deepadata.com.