How Opisense keeps your data secure and compliant
Built for security, legal, and procurement teams.
Centralized security, privacy, and compliance information in one place — with clear links to policies, registers, and deeper technical detail.
At a glance
Compliance status
| Framework | Status |
|---|---|
| | Planned |
| | Compliant |
| | Compliant |
| | In progress |
| | Planned |
| | Planned |
| | In progress |
| | Planned |
Statuses reflect our roadmap as of this page revision. Documentation is updated when milestones complete.
Documents & next steps
Updates
This page will be updated as we reach new milestones in our compliance roadmap and publish new documentation.
- In progress: SOC 2 Type 2 audit and ISO certification program.
- Available: Subprocessor register and Security whitepaper.
Email updates
Get an email when we publish changes to the trust center or our legal documents.
Where to start
Questionnaires & due diligence
Use the contact form for vendor security questionnaires and custom requests. We share what we can at the current maturity of our program.
Agreements, DPA & policies
Customer agreements, product terms, and archived legal documents live in the legal hub. Zero-retention and enterprise-specific terms are addressed in contracts where applicable.
Program overview
Opisense is building a security and compliance program aligned with leading standards such as SOC 2 and ISO 27001, with strong emphasis on privacy and transparent communication with customers.
- Centralized security ownership and incident process
- Secure-by-default infrastructure and deployment pipeline
- Privacy-by-design principles across products
- Documented internal procedures and training
Resources
Audit reports
- Future SOC 2 Type 2 report
- ISO certification reports
Legal
- Customer Agreements
- Policies & product terms
- Legal archive
Data & privacy
Data supported
Types of data that can be processed and stored in Opisense.
- Customer personally identifiable information (PII)
- Employee personally identifiable information (PII)
- Financial and billing information
Overview of how we handle customer data, apply GDPR principles, and document retention.
- Data retention processes established
- Data classification policy in place
- No customer data shared with advertising networks
Subprocessors
Current register · v1 · 3 March 2026
The table below reflects the “Current sub-processors” section of the Subprocessor Register v1 (last updated 3 March 2026). When we add or change sub-processors, we update the PDF and this page together.
The signed PDF remains the authoritative source. Open the register at /subprocessors.
| Sub-processor | Processing purpose | Data categories | Hosting location | Safeguards |
|---|---|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure and hosting | All Customer Data categories | Frankfurt, Germany (EU) | GDPR-compliant DPA, SCCs where applicable |
| Clerk | Authentication and user management | User credentials, session data | USA with EU presence | SCCs, EU-US DPF |
| Stripe | Payment processing | Billing and payment data | EU and USA | SCCs, EU-US DPF, PCI DSS certified |
| Elevenlabs | Speech-to-text and text-to-speech processing | Voice data, content | USA | SCCs, EU-US DPF, zero-retention API |
| OpenAI | AI model inference for content generation, analysis and automation | User input, content data, AI-generated output | USA | SCCs, EU-US DPF, zero-retention API |
| Anthropic | AI model inference for content generation, analysis and automation | User input, content data, AI-generated output | USA | SCCs, EU-US DPF, zero-retention API |
| Vercel | Application hosting and edge delivery | Request metadata, IP addresses | USA | SCCs, EU-US DPF |
| Convex | Backend database and real-time data infrastructure | Application data, user data, content data | USA | SCCs, EU-US DPF |
| Ragie | Retrieval-augmented generation (RAG) infrastructure | Customer documents, indexed content | USA | SCCs, EU-US DPF |
| Recall | Meeting recording and transcription capture | Meeting audio, transcriptions, participant data | USA | SCCs, EU-US DPF |
| Composio | Integration orchestration platform | Integration data, user identifiers, workflow metadata | USA | SCCs, EU-US DPF |
| Resend | Transactional email delivery | Email addresses, email content | USA | SCCs, EU-US DPF |
| Axiom | Logging and observability | Platform logs, request metadata, user identifiers | USA | SCCs, EU-US DPF |
Controls
Key areas of our security and compliance program. Detailed mappings to specific frameworks will be added as certifications are completed.
- Infrastructure security: Hardened cloud infrastructure with network segmentation
- Organizational security: Employee onboarding and security training
- Product security: Secure development lifecycle practices
- Internal security procedures: Incident response plan and runbooks
- Data and privacy: GDPR-aligned processing and data subject rights flows
FAQ
Common questions from security, legal, and procurement teams.
Further questions? Contact us via our contact form.
