# Security & Compliance

Shine handles real customer voices, recordings, and consent. We treat that data with the controls an enterprise security team expects, and we are transparent about where we are and where we are headed.

## Current status

- SOC 2 Type II: in progress
- GDPR and CCPA: aligned
- Independent penetration test: planned

## Data protection

- Encrypted in transit (TLS) and at rest across all surfaces.
- Customer recordings and records hosted on AWS in the United States.
- AI providers used strictly as processors, with model-training opt-out set on every customer-data call.

## Access & authentication

- Authentication via one-time passcodes and Google sign-in.
- Role-based access control with tenant isolation, enforced at the data layer and continuously tested.
- Abuse protection: rate limiting, Cloudflare Turnstile, and fail-closed guards.

## Infrastructure & monitoring

- Production dependencies are scanned continuously; at present there are no known vulnerabilities in them.
- Parameterized queries and validated inputs throughout.
- Structured logging and observability with correlation IDs across pipelines.
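The tenant isolation and fail-closed guards listed under Access & authentication and the parameterized queries listed above are two halves of the same data-access discipline. The following is an added example written for this page, not Shine's code: it assumes a `recordings` table with a `tenant_id` column in an SQLite database, and the table, its rows, `RequestContext` and the helper names are all constructed for the illustration. `search_unsafe` is deliberately vulnerable and is there only to show what the hardened `search` prevents.

```python
"""Tenant-scoped data access: parameterized queries plus a fail-closed guard.

Added illustration, not Shine's code. The `recordings` table, its rows, the
RequestContext shape and the helper names are constructed for this example.
"""
import sqlite3
from dataclasses import dataclass
from typing import List, Optional, Tuple


class TenantContextMissing(Exception):
    """Raised when a data-layer call arrives without an established tenant."""


@dataclass(frozen=True)
class RequestContext:
    tenant_id: Optional[str]   # set by the authentication layer, never by the caller
    role: str                  # "admin" or "viewer" in this example


def open_db() -> sqlite3.Connection:
    """In-memory database seeded with constructed rows for two tenants."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE recordings (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL, "
        "title TEXT NOT NULL, deleted INTEGER NOT NULL DEFAULT 0)"
    )
    conn.executemany(
        "INSERT INTO recordings (tenant_id, title) VALUES (?, ?)",
        [("acme", "Acme customer interview"),
         ("acme", "Acme launch story"),
         ("globex", "Globex case study")],
    )
    return conn


def search_unsafe(conn, ctx: RequestContext, needle: str) -> List[Tuple[int, str]]:
    """Deliberately vulnerable: values are spliced into the SQL text, so a
    crafted search term can rewrite the WHERE clause and cross tenants."""
    sql = (f"SELECT id, title FROM recordings WHERE tenant_id = '{ctx.tenant_id}' "
           f"AND title LIKE '%{needle}%'")
    return conn.execute(sql).fetchall()


def search(conn, ctx: RequestContext, needle: str) -> List[Tuple[int, str]]:
    """Hardened: fails closed with no tenant, binds every value as a parameter,
    and escapes LIKE wildcards so a search term cannot widen its own scope."""
    if not ctx.tenant_id:
        raise TenantContextMissing("refusing to query without a tenant")
    escaped = (needle.replace("\\", "\\\\")
                     .replace("%", "\\%")
                     .replace("_", "\\_"))
    return conn.execute(
        "SELECT id, title FROM recordings "
        "WHERE tenant_id = ? AND deleted = 0 AND title LIKE ? ESCAPE '\\'",
        (ctx.tenant_id, f"%{escaped}%"),
    ).fetchall()


def delete_recording(conn, ctx: RequestContext, rec_id: int) -> bool:
    """Soft-delete. The role check happens here, and the tenant predicate is
    part of the UPDATE itself, so an admin of one tenant cannot touch another's
    row. Returns True only when exactly one row in the caller's tenant changed."""
    if not ctx.tenant_id:
        raise TenantContextMissing("refusing to modify data without a tenant")
    if ctx.role != "admin":
        return False
    cur = conn.execute(
        "UPDATE recordings SET deleted = 1 WHERE id = ? AND tenant_id = ?",
        (rec_id, ctx.tenant_id),
    )
    return cur.rowcount == 1


if __name__ == "__main__":
    db = open_db()
    acme = RequestContext(tenant_id="acme", role="admin")
    payload = "' OR 1=1 --"
    print("unsafe:", search_unsafe(db, acme, payload))   # leaks the globex row
    print("safe:  ", search(db, acme, payload))          # nothing matches literally
```

The point of keeping the tenant predicate inside the statement rather than filtering results afterwards is that the database never returns another tenant's rows in the first place; a missing tenant context raises rather than silently querying everything.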

## Privacy & your data rights

- Data Processing Agreement available on request.
- Public subprocessor list with purpose, location, and data categories.
- GDPR and CCPA aligned: consent withdrawal, data export, Do-Not-Sell, and Global Privacy Control honored.

## Protecting the people in your stories

This is the part of our posture specific to what Shine does: how the voices, words, and likenesses in customer stories are consented to, traced, and undone.

- Consent comes first and is timestamped: interviewees verify their email and agree, in plain language, to recording and marketing use before recording begins, and the consent record stores the date and time it was given.
- Provenance: published claims are extracted from the recorded interview and pinned to the point in the recording where they were said, with a grounding score so that a paraphrase is never shown as a direct quote.
- Revocation propagates: withdrawing consent or unverifying a claim automatically suspends every asset built on it, because each asset stays linked to its source claims.
- Permanence: verifications, edits, and deletions are written to an append-only history (who and when) that outlives the claim; deletions are recoverable for 30 days before they are permanent.
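One way to model the properties above (dated consent before recording, assets linked to their source claims so that revocation propagates, an append-only history, and a 30-day recovery window), as an added example written for this page rather than Shine's code or schema. `Claim`, `Asset`, `Store`, `RETENTION` and the sample interview are assumptions constructed for the illustration; the clock is a plain attribute so the retention window can be exercised without waiting.

```python
"""Consent, provenance and revocation as a small in-memory model. Added illustration,
not Shine's code or schema: Claim, Asset, Store and the sample interview are constructed here."""
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=30)   # page: deletions are recoverable for 30 days
HistoryEntry = namedtuple("HistoryEntry", "at actor action target")  # one append-only row

@dataclass
class Claim:
    text: str
    recording_id: str              # recording the words came from; its interviewee gave consent
    verified: bool = False
    deleted_at: "datetime | None" = None

@dataclass
class Asset:
    claim_ids: list                # every asset stays linked to its source claims
    status: str = "draft"          # draft | published | suspended

class Store:
    def __init__(self):
        self.now = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # settable clock for the example
        self.history = []          # HistoryEntry rows: appended, never edited or removed
        self.consent = {}          # verified email -> when consent was given
        self.recordings = {}       # recording id -> interviewee email
        self.claims, self.assets = {}, {}

    def _log(self, actor, action, target):
        self.history.append(HistoryEntry(self.now, actor, action, target))

    def record_consent(self, email, email_verified):
        if not email_verified:
            raise PermissionError("consent needs a verified email")
        self.consent[email] = self.now
        self._log(email, "consent_given", email)

    def start_recording(self, recording_id, email):
        if email not in self.consent:
            raise PermissionError("recording cannot begin before dated consent")
        self.recordings[recording_id] = email
        self._log(email, "recording_started", recording_id)

    def _suspend_dependents(self, claim_id, actor):
        for aid, a in self.assets.items():
            if claim_id in a.claim_ids and a.status != "suspended":
                a.status = "suspended"
                self._log(actor, "suspended", aid)

    def set_verified(self, claim_id, verified, actor):
        self.claims[claim_id].verified = verified
        self._log(actor, "verified" if verified else "unverified", claim_id)
        if not verified:
            self._suspend_dependents(claim_id, actor)

    def publish(self, asset_id, actor):
        for cid in self.assets[asset_id].claim_ids:
            c = self.claims[cid]
            live = c.verified and c.deleted_at is None
            if not live or self.recordings[c.recording_id] not in self.consent:
                raise PermissionError(f"{cid} is not a verified, live, consented claim")
        self.assets[asset_id].status = "published"
        self._log(actor, "published", asset_id)

    def withdraw_consent(self, email):
        self.consent.pop(email, None)
        self._log(email, "consent_withdrawn", email)
        for cid, c in self.claims.items():       # propagate to every dependent asset
            if self.recordings[c.recording_id] == email:
                self._suspend_dependents(cid, email)

    def delete_claim(self, claim_id, actor):
        self.claims[claim_id].deleted_at = self.now
        self._log(actor, "deleted", claim_id)
        self._suspend_dependents(claim_id, actor)

    def restore_claim(self, claim_id, actor):
        """True inside the retention window; after it the deletion is permanent."""
        c = self.claims[claim_id]
        if c.deleted_at is None or self.now - c.deleted_at > RETENTION:
            return False
        c.deleted_at = None
        self._log(actor, "restored", claim_id)
        return True

def sample_store():
    """Constructed sample: one interviewee, one recording, two claims, one published asset."""
    s, editor = Store(), "editor@example.com"
    s.record_consent("jo@example.com", email_verified=True)
    s.start_recording("rec-1", "jo@example.com")
    s.claims["c1"] = Claim("Onboarding took a day instead of a week", "rec-1")
    s.claims["c2"] = Claim("The team saw fewer support tickets", "rec-1")
    s.assets["a1"] = Asset(["c1", "c2"])
    for cid in ("c1", "c2"):
        s.set_verified(cid, True, editor)
    s.publish("a1", editor)
    return s
```

Two design choices carry the guarantees: every state change goes through `_log`, and nothing ever reads the history to decide anything, so it can be an append-only sink; and assets are never copied from claims, only linked to them, which is what lets `withdraw_consent`, `set_verified(..., False)` and `delete_claim` all reach the same `_suspend_dependents` and reliably take down everything built on a claim.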

## Request security documentation

Need our documentation for a vendor review? Request our security package and we will send our security questionnaire, Data Processing Agreement, and subprocessor list within one business day. Email hello@shine.studio or use the request form at /security.
